Vulnerability Description
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Ozone | < 1.2.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/11/19/4Third Party Advisory
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44ddMailing ListVendor Advisory
- http://www.openwall.com/lists/oss-security/2021/11/19/4Third Party Advisory
- https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44ddMailing ListVendor Advisory
FAQ
What is CVE-2021-39233?
CVE-2021-39233 is a vulnerability with a CVSS score of 9.1 (CRITICAL). In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.
How severe is CVE-2021-39233?
CVE-2021-39233 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-39233?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Ozone.