Описание
Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.
Пакеты
Наименование
org.apache.ozone:ozone-main
maven
Затронутые версииВерсия исправления
< 1.2.0
1.2.0
Связанные уязвимости
CVSS3: 9.1
nvd
около 4 лет назад
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.