CVE-2021-36372 — CRITICAL (9.8)

Q: How severe is CVE-2021-36372?

CVE-2021-36372 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-36372?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Ozone.

Vulnerability Description

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Ozone	< 1.2.0

Related Weaknesses (CWE)

CWE-273

References

http://www.openwall.com/lists/oss-security/2021/11/19/1Third Party Advisory
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685Mailing ListMitigationVendor Advisory
http://www.openwall.com/lists/oss-security/2021/11/19/1Third Party Advisory
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685Mailing ListMitigationVendor Advisory

FAQ

What is CVE-2021-36372?

CVE-2021-36372 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated...

How severe is CVE-2021-36372?

CVE-2021-36372 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-36372?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Ozone.