CVE-2021-41532

CVE-2021-41532: Unauthenticated access to Ozone Recon HTTP endpoints

Vendor Apache Software Foundation

Product Apache Ozone

Weakness CWE-200 · Info exposure

Published November 19, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

Key dates

02Disclosure timeline

November 19, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-41532

Related vulnerabilities

04Related CVE

CVE-2024-11961 Guangzhou Huayi Intelligent Technology Jeewms WmOmNoticeHController.java preHandle information disclosure CVE-2025-4426 SetupAutomationSmm : SMRAM memory contents leak / information disclosure vulnerability in SMM module CVE-2022-39359 Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs CVE-2024-13807 Xagio SEO <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files CVE-2023-52208 WordPress Constant Contact Forms Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure