CVE-2021-39232

Summary

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Ozone1.0 <= 1.0affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

Workarounds

Upgrade to Apache Ozone release version 1.2.0

ADP Enrichment

CVE Program Container

Additional References

References