CVE-2021-39234
maven/org.apache.ozone/ozone
Incorrect Authorization
In Apache Ozone, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.
All versions before 1.2.0
Upgrade to version 1.2.0 or above.
2021-11-22
source |