CVE-2021-36372 Vulnerability in maven package org.apache.ozone:ozone-common

Description

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

Remediation

References

http://www.openwall.com/lists/oss-security/2021/11/19/1

https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E

Related Vulnerabilities

CVE-2023-42794 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2021-23432 Vulnerability in npm package mootools

CVE-2021-4307 Vulnerability in npm package baobab

CVE-2016-10550 Vulnerability in npm package sequelize

CVE-2017-9801 Vulnerability in maven package org.apache.commons:commons-email

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H