CVE-2021-39231

Summary

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Ozone1.0 <= 1.0affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

Workarounds

Upgrade to Apache Ozone release version 1.2.0

ADP Enrichment

CVE Program Container

Additional References

References