CVE-2020-17517

CVE-2020-17517: Ozone S3 Gateway allows bucket and key access to non authenticated users

Vendor Apache Software Foundation

Product Apache Ozone

Weakness CWE-285

Published April 27, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release.

Key dates

02Disclosure timeline

April 27, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-17517

Related vulnerabilities

CVE-2020-17517: Ozone S3 Gateway allows bucket and key access to non authenticated users

01Description

02Disclosure timeline

03References

04Related CVE