In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Ozone

Affected Versions:

1.0

References

https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C110cd117-75ed-364b-cd38-3effd20f2183%40apache.org%3E

http://www.openwall.com/lists/oss-security/2021/11/19/2

Published: 2021-11-19T09:20:17

Last Modified: 2024-08-04T01:58:18.341Z

Copied to clipboard!