Lucene search
Veracode Vulnerability DatabaseVERACODE:33075HistoryNov 23, 2021 - 2:30 p.m.
Information Disclosure
2021-11-2314:30:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
hadoop-ozone-recon
information disclosure
nssummaryendpoint
containerendpoint
admin access.
EPSS
0.001
Percentile
24.7%
hadoop-ozone-recon is vulnerable to information disclosure. The vulnerability exists because Recon NSSummaryEndpoint and ContainerEndpoint are not restricted only for admin which allows an attacker to access data from the end points.
References
www.openwall.com/lists/oss-security/2021/11/19/8
github.com/apache/ozone/commit/fc61be54b837006aae8c2127d9dd88d69aa52b6e
github.com/apache/ozone/pull/2638
issues.apache.org/jira/browse/HDDS-5691
mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E
Related
osv
osv
Apache Ozone exposes OM, SCM and Datanode metadata
2021-11-23 18:17:50
CVE-2021-41532
2021-11-19 10:15:08
cvelist
cvelist
CVE-2021-41532 Unauthenticated access to Ozone Recon HTTP endpoints
2021-11-19 09:20:26
github
github
Apache Ozone exposes OM, SCM and Datanode metadata
2021-11-23 18:17:50
prion
prion
Code injection
2021-11-19 10:15:00
nvd
nvd
CVE-2021-41532
2021-11-19 10:15:08
cnvd
cnvd
Apache Ozone Access Control Error Vulnerability
2021-11-24 00:00:00
cve
cve
CVE-2021-41532
2021-11-19 10:15:08