CVE-2021-36372

Improper Check for Dropped Privileges in maven/org.apache.ozone/ozone

Identifiers

CVE-2021-36372

Package Slug

maven/org.apache.ozone/ozone

Vulnerability

Improper Check for Dropped Privileges

Description

In Apache Ozone, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

Affected Versions

All versions before 1.2.0

Solution

Upgrade to version 1.2.0 or above.

Last Modified

2021-11-22

source