CVE-2021-39233

CVE-2021-39233: Container-related datanode operations can be called without authorization

Vendor Apache Software Foundation
Product Apache Ozone
Weakness CWE-306 · Missing auth
Published November 19, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.

Key dates

02Disclosure timeline

November 19, 2021 CVE published
August 4, 2024 Record updated