From b92de7cb1bac1e63193f8eddb287f2949c83ff32 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 13 Nov 2023 13:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/39xxx/CVE-2021-39232.json | 93 ++++++++++++++++------------------
 2021/39xxx/CVE-2021-39235.json | 93 ++++++++++++++++------------------
 2 files changed, 90 insertions(+), 96 deletions(-)
diff --git a/2021/39xxx/CVE-2021-39232.json b/2021/39xxx/CVE-2021-39232.json
index fe47df3a8e8..281a2f2c0e1 100644
--- a/2021/39xxx/CVE-2021-39232.json
+++ b/2021/39xxx/CVE-2021-39232.json
@@ -1,14 +1,38 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
 "ID": "CVE-2021-39232",
- "STATE": "PUBLIC",
- "TITLE": "Missing admin check for SCM related admin commands"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-862 Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
 },
 "affects": {
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Apache Software Foundation",
 "product": {
 "product_data": [
 {
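Review bot: The rewritten `CVE_data_meta` object drops `"TITLE": "Missing admin check for SCM related admin commands"`, and no added line in this hunk carries the title anywhere else, so the record is left with only the long description. Triage tooling and advisory feeds that display or match on the short title would lose it; if the consumer of this format still accepts the field, keep `"TITLE": "Missing admin check for SCM related admin commands"` next to `"STATE": "PUBLIC"`. The same removal appears in the first hunk of `2021/39xxx/CVE-2021-39235.json` (title "Access mode of block tokens are not enforced"). The top-level object continues past the end of this hunk.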
@@ -24,61 +48,28 @@
 }
 }
 ]
- },
- "vendor_name": "Apache Software Foundation"
+ }
 }
 ]
 }
 },
- "credit": [
- {
- "lang": "eng",
- "value": " Apache Ozone would like to thank Wei-Chiu Chuang for reporting this issue."
- }
- ],
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "references": {
+ "reference_data": [
 {
- "lang": "eng",
- "value": "In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins."
+ "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E",
+ "refsource": "MISC",
+ "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/11/19/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2021/11/19/3"
 }
 ]
 },
 "generator": {
 "engine": "Vulnogram 0.0.9"
 },
- "impact": [
- {}
- ],
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "cwe-749 Exposed Dangerous Method or Function "
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E",
- "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[oss-security] 20211118 CVE-2021-39232: Apache Ozone: Missing admin check for SCM related admin commands",
- "url": "http://www.openwall.com/lists/oss-security/2021/11/19/3"
- }
- ]
- },
 "source": {
 "defect": [
 "HDDS-4530"
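Review bot: The oss-security reference loses its classification in the re-added `references` block: the removed entry had `"refsource": "MLIST"` with a descriptive `name`, while the added entry uses `"refsource": "MISC"` and repeats the URL as `name`. Consumers that select mailing-list advisories by `refsource`, or show `name` to analysts, can no longer tell this entry from a generic link; keeping `"refsource": "MLIST"` and `"name": "[oss-security] 20211118 CVE-2021-39232: Apache Ozone: Missing admin check for SCM related admin commands"` would preserve that. The link is also still plain `http://`; whether an `https://` form of the same archive URL resolves should be confirmed before changing it. The second hunk of `2021/39xxx/CVE-2021-39235.json` follows the same pattern.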
@@ -87,8 +78,14 @@
 },
 "work_around": [
 {
- "lang": "eng",
+ "lang": "en",
 "value": "Upgrade to Apache Ozone release version 1.2.0"
 }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": " Apache Ozone would like to thank Wei-Chiu Chuang for reporting this issue."
+ }
 ]
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39235.json b/2021/39xxx/CVE-2021-39235.json
index a97916e3f5f..1b874ca9aa5 100644
--- a/2021/39xxx/CVE-2021-39235.json
+++ b/2021/39xxx/CVE-2021-39235.json
@@ -1,14 +1,38 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "security@apache.org",
 "ID": "CVE-2021-39235",
- "STATE": "PUBLIC",
- "TITLE": "Access mode of block tokens are not enforced"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
+ "cweId": "CWE-732"
+ }
+ ]
+ }
+ ]
 },
 "affects": {
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Apache Software Foundation",
 "product": {
 "product_data": [
 {
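Review bot: The language tag is now inconsistent within the CVE-2021-39232 record: this hunk changes `work_around` to `"lang": "en"` and adds `credits` with `"lang": "en"`, while the `description` and `problemtype` entries added in the first hunk of the same file use `"lang": "eng"`. A consumer that filters text entries on a single tag will silently skip one group, so one form should be used throughout the record, e.g. `"lang": "eng"` on both entries here. The credit string also keeps its leading space (`" Apache Ozone would like …"`), which could be trimmed while the entry is being moved. The last hunk of `2021/39xxx/CVE-2021-39235.json` mixes the tags the same way.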
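Review bot: The `problemtype` value added for CVE-2021-39235, `CWE-732 Incorrect Permission Assignment for Critical Resource`, does not obviously match the description added in the same hunk, which says the Datanode does not check the access mode of the block token. That reads as an authorization check that is missing or wrong at enforcement time rather than permissions being assigned wrongly on a resource, so `"value": "CWE-863 Incorrect Authorization"` with `"cweId": "CWE-863"` looks like the closer mapping. This is inferred from the description text alone and should be confirmed against the vendor advisory. Weakness statistics and detection-coverage maps keyed on `cweId` inherit whatever is recorded here.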
@@ -24,61 +48,28 @@
 }
 }
 ]
- },
- "vendor_name": "Apache Software Foundation"
+ }
 }
 ]
 }
 },
- "credit": [
- {
- "lang": "eng",
- "value": "Apache Ozone would like to thank Marton Elek for reporting this issue."
- }
- ],
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
+ "references": {
+ "reference_data": [
 {
- "lang": "eng",
- "value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block."
+ "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E",
+ "refsource": "MISC",
+ "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/11/19/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2021/11/19/6"
 }
 ]
 },
 "generator": {
 "engine": "Vulnogram 0.0.9"
 },
- "impact": [
- {}
- ],
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "cwe-1220 Insufficient Granularity of Access Control "
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E",
- "name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[oss-security] 20211118 CVE-2021-39235: Apache Ozone: Access mode of block tokens are not enforced",
- "url": "http://www.openwall.com/lists/oss-security/2021/11/19/6"
- }
- ]
- },
 "source": {
 "defect": [
 "HDDS-4558",
@@ -88,8 +79,14 @@
 },
 "work_around": [
 {
- "lang": "eng",
+ "lang": "en",
 "value": "Upgrade to Apache Ozone release version 1.2.0"
 }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Apache Ozone would like to thank Marton Elek for reporting this issue."
+ }
 ]
 }
\ No newline at end of file