CVE-2021-39235
Incorrect Permission Assignment for Critical Resource in maven/org.apache.ozone/ozone-datanode
Identifiers
CVE-2021-39235
Package Slug
maven/org.apache.ozone/ozone-datanode
Vulnerability
Incorrect Permission Assignment for Critical Resource
Description
In Apache Ozone, Ozone Datanode does not check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.
Affected Versions
All versions before 1.2.0
Solution
Upgrade to version 1.2.0 or above.
Last Modified
2021-11-22
| source |