Headline
CVE-2021-39236: Owners of the S3 tokens are not validated
In Apache Ozone before 1.2.0, authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
Description:
Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
This issue is being tracked as HDDS-4763.
Mitigation:
Upgrade to Apache Ozone release version 1.2.0.
Credit:
Apache Ozone would like to thank Marton Elek for reporting this issue.