Description
In Apache Ozone versions prior to 1.2.0, authenticated users who know the ID of an existing block can craft a specific request that allows access to those blocks, bypassing other security checks such as ACLs.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/19/5
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E