Headline
CVE-2021-41532: Unauthenticated access to Ozone Recon HTTP endpoints
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.
Severity: moderate
Description:
Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.
This issue is being tracked as HDDS-5691
Mitigation:
Upgrade to Apache Ozone release version 1.2.0
Credit:
Apache Ozone would like to thank Ethan Rose for reporting this issue.
To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]