CVE-2021-39233

UNRATEDAuth bypass

Description

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.

Affected products

Apache Software Foundation / Apache Ozone1.1 – 1.1

References

MISChttps://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E
MAILING_LISThttp://www.openwall.com/lists/oss-security/2021/11/19/4