Description
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.
Remediation
References
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E
http://www.openwall.com/lists/oss-security/2021/11/19/2
Related Vulnerabilities
CVE-2023-35161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui
CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-html-support
CVE-2022-27263 Vulnerability in npm package strapi
CVE-2023-48238 Vulnerability in npm package json-web-token
CVE-2023-24621 Vulnerability in maven package com.esotericsoftware.yamlbeans:yamlbeans