Every CVE whose affected-product data names Apache Ozone, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2021-36372 — CVSS 9.8 (critical): In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with…
CVE-2021-39231 — CVSS 9.1 (critical): In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible…
CVE-2021-39233 — CVSS 9.1 (critical): In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be…
CVE-2021-39236 — CVSS 8.8 (high): In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other…
CVE-2021-39232 — CVSS 8.8 (high): In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.
CVE-2024-45106 — CVSS 8.1 (high): Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and…
CVE-2020-17517 — CVSS 7.5 (high): The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security…
CVE-2021-39234 — CVSS 6.8 (medium): In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access…
CVE-2021-39235 — CVSS 6.5 (medium): In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid…
CVE-2021-41532 — CVSS 5.3 (medium): In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user…
CVE-2023-39196 — CVSS 5.3 (medium): Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage…