CVE-2020-17517

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-17517

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17517.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-17517

Published

2021-04-27T09:15:07.867Z

Modified

2025-11-14T10:53:39.899297Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release.

References

https://lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa%40%3Cdev.ozone.apache.org%3E

Affected packages

Git / github.com/apache/ozone

Affected ranges

Type: GIT
Repo: https://github.com/apache/ozone
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f2406c4b4eb2b1295d06ec379cfe684ed9a16637

Affected versions

ozone-1.*

ozone-1.1.0-RC1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17517.json"