In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
Fixes

Solution

No solution given by the vendor.


Workaround

Upgrade to Apache Ozone release version 1.2.0

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-04T02:06:40.807Z

Reserved: 2021-08-17T00:00:00

Link: CVE-2021-39236

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-19T10:15:08.347

Modified: 2024-11-21T06:18:58.837

Link: CVE-2021-39236

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.