GHSA-c6j7-4fr9-c76p

Suggest an improvement
Source
https://github.com/advisories/GHSA-c6j7-4fr9-c76p
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-c6j7-4fr9-c76p/GHSA-c6j7-4fr9-c76p.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-c6j7-4fr9-c76p
Aliases
Published
2021-11-23T18:17:41Z
Modified
2023-11-14T21:48:57Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Incorrect permissions in Apache Ozone
Details

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.

Database specific
{
    "nvd_published_at": "2021-11-19T10:15:00Z",
    "cwe_ids": [
        "CWE-732"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-22T18:37:43Z"
}
References

Affected packages

Maven / org.apache.ozone:ozone-main

Package

Name
org.apache.ozone:ozone-main
View open source insights on deps.dev
Purl
pkg:maven/org.apache.ozone/ozone-main

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0