CVE-2021-39234: Incorrect Authorization

November 19, 2021

In Apache Ozone, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.

References

www.openwall.com/lists/oss-security/2021/11/19/5
mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2021-39234

Code Behaviors & Features

Detect and mitigate CVE-2021-39234 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →