CVE-2023-39196

Severity: 5.3 MEDIUM
EPSS: 0.1% (top 74.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 7

Description

Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

Maven | org.apache.ozone:ozone-main | 1.2.0 | 1.4.0
NVD | apache/ozone | 1.2.0 | 1.3.0
CVEListV5 | apache_software_foundation/apache_ozone | 1.2.0 | 1.3.0

🔴 Vulnerability Details (3)

OSV | Apache Ozone Improper Authentication vulnerability | 2024-02-07
GHSA | Apache Ozone Improper Authentication vulnerability | 2024-02-07
CVEList | Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints | 2024-02-07