CVE-2021-39234

medium

Description

In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.

References

https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3E

http://www.openwall.com/lists/oss-security/2021/11/19/5

Details

Source: Mitre, NVD

Published: 2021-11-19

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.8

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00223