{"containers": {"cna": {"affected": [{"product": "Apache Ozone", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.0", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Apache Ozone would like to thank Marton Elek for reporting this issue."}], "descriptions": [{"lang": "en", "value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-11-13T12:47:55.398Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E"}, {"name": "[oss-security] 20211118 CVE-2021-39235: Apache Ozone: Access mode of block tokens are not enforced", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/11/19/6"}], "source": {"defect": ["HDDS-4558", "HDDS-4644"], "discovery": "UNKNOWN"}, "title": "Access mode of block tokens are not enforced", "workarounds": [{"lang": "en", "value": "Upgrade to Apache Ozone release version 1.2.0"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-39235", "STATE": "PUBLIC", "TITLE": "Access mode of block tokens are not enforced"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Ozone", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.0", "version_value": "1.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}},
"credit": [{"lang": "eng", "value": "Apache Ozone would like to thank Marton Elek for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}]}, "references": {"reference_data": [{"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E", "refsource": "MISC", "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E"}, {"name": "[oss-security] 20211118 CVE-2021-39235: Apache Ozone: Access mode of block tokens are not enforced", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/19/6"}]}, "source": {"defect": ["HDDS-4558", "HDDS-4644"], "discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Upgrade to Apache Ozone release version 1.2.0"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:06:41.327Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E"}, {"name": "[oss-security] 20211118 CVE-2021-39235: Apache Ozone: Access mode of block tokens are not enforced", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/11/19/6"}]}]}, "cveMetadata": {"assignerOrgId": 
"f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-39235", "datePublished": "2021-11-19T09:20:23", "dateReserved": "2021-08-17T00:00:00", "dateUpdated": "2024-08-04T02:06:41.327Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}