CVE-2021-39234: Incorrect Authorization

November 23, 2021

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.

References

github.com/advisories/GHSA-c8cw-2c5j-xff3
nvd.nist.gov/vuln/detail/CVE-2021-39234

Detect and mitigate CVE-2021-39234 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →