CVE-2021-39236
published 2021-11-19CVE-2021-39236: In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ozone | < 1.2.0 | 1.2.0 |
| apache_software_foundation | apache_ozone | 1.0 – 1.0 | — |