CVE-2021-39233

Summary

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Ozone1.1 <= 1.1affected

Weaknesses

  • CWE-306: cwe-306 Missing Authentication for Critical Function

Workarounds

Upgrade to Apache Ozone release version 1.2.0

ADP Enrichment

CVE Program Container

Additional References

References