CVE-2021-39236

Summary

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Ozone1.0 <= 1.0affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

Workarounds

Upgrade to Apache Ozone release version 1.2.0

ADP Enrichment

CVE Program Container

Additional References

References