Exposure of sensitive information in Apache Ozone
Critical severity
GitHub Reviewed
Published
Nov 23, 2021
to the GitHub Advisory Database
•
Updated Nov 15, 2023
Description
Published by the National Vulnerability Database
Nov 19, 2021
Reviewed
Nov 22, 2021
Published to the GitHub Advisory Database
Nov 23, 2021
Last updated
Nov 15, 2023
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.
References