CVE-2021-39232

CWE-862Missing AuthorizationCWE-863Incorrect Authorization4 documents4 sources
Severity
8.8HIGH
EPSS
0.7%
top 27.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache OzoneApache Software Foundation Apache Ozone
Timeline
PublishedNov 19
Latest updateNov 23

Description

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDapache/ozone< 1.2.0

🔴Vulnerability Details

3
GHSA
Incorrect Authorization in Apache Ozone2021-11-23
OSV
Incorrect Authorization in Apache Ozone2021-11-23
CVEList
Missing admin check for SCM related admin commands2021-11-19
CVE-2021-39232 (HIGH CVSS 8.8) | In Apache Ozone versions prior to 1 | cvebase.io