CVE-2023-39196: Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints

CVE-2023-39196: Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints

Open Source Security [[{„value“:“

Posted by István Fajth on Feb 07

Severity: moderate

Affected versions:

– Apache Ozone 1.2.0 through 1.3.0

Description:

Improper Authentication vulnerability in Apache Ozone.

The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without
proper authentication.
The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this
vulnerability.
The accessible metadata does not…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert