CVE-2021-39235

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.08 % (35^th)

Affected Products 1

Advisories 1

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.

Weaknesses

CWE-732: Incorrect Permission Assignment for Critical Resource

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2021-11-19 10:15:08
(2 years ago)
Updated Date: 2023-12-22 19:21:34
(9 months ago)

Affected Products

Apache

Ozone

Configuration #1

		CPE23	From	Up To
	Apache Ozone prior 1.2.0 version	cpe:2.3:a:apache:ozone		< 1.2.0