CVE-2021-39233

Опубликовано: 19 нояб. 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.

Ссылки

http://www.openwall.com/lists/oss-security/2021/11/19/4
Third Party Advisory
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/11/19/4
Third Party Advisory
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ozone:*:*:*:*:*:*:*:*

Версия до 1.2.0 (исключая)

EPSS

Процентиль: 78%

0.01174

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-306

NVD-CWE-Other

Связанные уязвимости

GHSA-33xh-xch9-p6hj