CVE-2021-39234
Incorrect Authorization in Apache Ozone
CVSS 3.1: 6.8 (MEDIUM)
EPSS: 0.15%
Description
In Apache Ozone versions prior to 1.2.0, authenticated users who know the ID of an existing block can craft a specific request that allows access to those blocks, bypassing other security checks like ACL.
How to fix CVE-2021-39234
To remediate CVE-2021-39234, upgrade the affected package to a fixed version below.
- Maven/org.apache.ozone:ozone-main—upgrade to 1.2.0 or later
Is CVE-2021-39234 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.8 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |