Vulnerability Description
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Ozone | < 1.2.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/11/19/2Mailing ListThird Party Advisory
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75edMailing ListMitigationVendor Advisory
- http://www.openwall.com/lists/oss-security/2021/11/19/2Mailing ListThird Party Advisory
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75edMailing ListMitigationVendor Advisory
FAQ
What is CVE-2021-39231?
CVE-2021-39231 is a vulnerability with a CVSS score of 9.1 (CRITICAL). In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone ...
How severe is CVE-2021-39231?
CVE-2021-39231 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-39231?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Ozone.