CVE-2021-41532

Summary

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache OzoneEverglades (1.1.0) <= 1.1.0affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Workarounds

Upgrade to Apache Ozone release version 1.2.0

ADP Enrichment

CVE Program Container

Additional References

References