CVE-2021-39233: Incorrect Authorization

November 23, 2021

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.

References

github.com/advisories/GHSA-33xh-xch9-p6hj
nvd.nist.gov/vuln/detail/CVE-2021-39233

Code Behaviors & Features

Detect and mitigate CVE-2021-39233 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →