CVE-2021-39231
Exposure of sensitive information in Apache Ozone
CVSS 3.1: 9.1 (CRITICAL)
EPSS: 1.2%
Description
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from the Datanode and Ozone manager and to modify the Ratis replication configuration.
How to fix CVE-2021-39231
To remediate CVE-2021-39231, upgrade the affected package to a fixed version below.
- Upgrade to 1.2.0 or later
Is CVE-2021-39231 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |