Vulnerability Description
In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Ozone | < 1.2.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/11/19/3Mailing ListThird Party Advisory
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4Mailing ListVendor Advisory
- http://www.openwall.com/lists/oss-security/2021/11/19/3Mailing ListThird Party Advisory
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4Mailing ListVendor Advisory
FAQ
What is CVE-2021-39232?
CVE-2021-39232 is a vulnerability with a CVSS score of 8.8 (HIGH). In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.
How severe is CVE-2021-39232?
CVE-2021-39232 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-39232?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Ozone.