CVE-2021-41532

Exposure of Resource to Wrong Sphere in maven/org.apache.ozone/ozone

Identifiers

CVE-2021-41532

Package Slug

maven/org.apache.ozone/ozone

Vulnerability

Exposure of Resource to Wrong Sphere

Description

In Apache Ozone, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

Affected Versions

All versions before 1.2.0

Solution

Upgrade to version 1.2.0 or above.

Last Modified

2021-11-22

source