CVE-2021-39231

Description

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.

Risk Information

Base Score

9.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

Exploitation Probability

1.238

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities are fixed in Apache-ozone-main 1.2.0	Windows
Multiple vulnerabilities are fixed in Apache-ozone-main for Linux 1.2.0	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234