Severity: 5.3 MEDIUM
EPSS: 1.3% (top 20.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 19 | Latest update Nov 23

Description

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

NVD: apache/ozone < 1.2.0
CVEListV5: apache_software_foundation/apache_ozone | Everglades (1.1.0) | 1.1.0

Vulnerability Details (3)

GHSA: Apache Ozone exposes OM, SCM and Datanode metadata (2021-11-23)
OSV: Apache Ozone exposes OM, SCM and Datanode metadata (2021-11-23)
CVEList: Unauthenticated access to Ozone Recon HTTP endpoints (2021-11-19)
CVE-2021-41532 (MEDIUM CVSS 5.3) | In Apache Ozone before 1.2.0 | cvebase.io