CVE-2021-39233: Container-related datanode operations can be called without authorization
First published: Fri Nov 19 2021(Updated: )
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Ozone | <1.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-39233?
CVE-2021-39233 is a vulnerability found in Apache Ozone versions prior to 1.2.0 where Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.
How severe is CVE-2021-39233?
CVE-2021-39233 has a severity rating of 9.1 (critical).
Which software versions are affected by CVE-2021-39233?
Apache Ozone versions up to and excluding 1.2.0 are affected by CVE-2021-39233.
How can I fix CVE-2021-39233?
To fix CVE-2021-39233, it is recommended to upgrade to Apache Ozone version 1.2.0 or later.
Where can I find more information about CVE-2021-39233?
You can find more information about CVE-2021-39233 in the references provided: [Reference 1](http://www.openwall.com/lists/oss-security/2021/11/19/4), [Reference 2](https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3E).
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache ozone