In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/11/19/1 | Third Party Advisory |
https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C5029c1ac-4685-8492-e3cb-ab48c5c370cf%40apache.org%3E | Mailing List Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2021-11-19T09:20:16
Updated: 2024-01-31T09:30:38.799Z
Reserved: 2021-07-12T00:00:00
Link: CVE-2021-36372
JSON object: View
NVD Information
Status : Modified
Published: 2021-11-19T10:15:07.983
Modified: 2024-01-31T10:15:08.297
Link: CVE-2021-36372
JSON object: View
Redhat Information
No data.
CWE