Headline
CVE-2021-39232: Missing admin check for SCM related admin commands
In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.
Description:
Certain admin related SCM commands can be executed by any authenticated users, not just by admins.
This issue is being tracked as HDDS-4530
Mitigation:
Upgrade to Apache Ozone release version 1.2.0
Credit:
Apache Ozone would like to thank Wei-Chiu Chuang for reporting this issue.
To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]