CVE-2021-41532

Опубликовано: 19 нояб. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

Ссылки

http://www.openwall.com/lists/oss-security/2021/11/19/8
Mailing List
Third Party Advisory
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/11/19/8
Mailing List
Third Party Advisory
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3Ce0bc6598-9669-b897-fc28-de8a896e36aa%40apache.org%3E
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ozone:*:*:*:*:*:*:*:*

Версия до 1.2.0 (исключая)

EPSS

Процентиль: 79%

0.01277

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-gc37-9g7f-96fx