Description
In Apache Ozone versions prior to 1.2.0, authenticated users who know the ID of an existing block can craft specific requests that allow access to those blocks, bypassing other security checks such as ACLs.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/19/5
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E