admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-13 13:00:33 +00:00
parent 1eff29e167
commit b92de7cb1b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
2 changed files with 90 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
2021/39xxx/CVE-2021-39232.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-39232",
"STATE": "PUBLIC",
"TITLE": "Missing admin check for SCM related admin commands"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
@ -24,61 +48,28 @@
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Apache Ozone would like to thank Wei-Chiu Chuang for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins."
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E",
"refsource": "MISC",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E"
},
{
"url": "http://www.openwall.com/lists/oss-security/2021/11/19/3",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/11/19/3"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-749 Exposed Dangerous Method or Function "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C3c30a7f2-13a4-345e-6c8a-c23a2b937041%40apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211118 CVE-2021-39232: Apache Ozone: Missing admin check for SCM related admin commands",
"url": "http://www.openwall.com/lists/oss-security/2021/11/19/3"
}
]
},
"source": {
"defect": [
"HDDS-4530"
@ -87,8 +78,14 @@
},
"work_around": [
{
"lang": "eng",
"lang": "en",
"value": "Upgrade to Apache Ozone release version 1.2.0"
}
],
"credits": [
{
"lang": "en",
"value": " Apache Ozone would like to thank Wei-Chiu Chuang for reporting this issue."
}
]
}

93
2021/39xxx/CVE-2021-39235.json
View File

@ -1,14 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-39235",
"STATE": "PUBLIC",
"TITLE": "Access mode of block tokens are not enforced"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
@ -24,61 +48,28 @@
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Ozone would like to thank Marton Elek for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block."
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E",
"refsource": "MISC",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E"
},
{
"url": "http://www.openwall.com/lists/oss-security/2021/11/19/6",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/11/19/6"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-1220 Insufficient Granularity of Access Control "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E",
"name": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211118 CVE-2021-39235: Apache Ozone: Access mode of block tokens are not enforced",
"url": "http://www.openwall.com/lists/oss-security/2021/11/19/6"
}
]
},
"source": {
"defect": [
"HDDS-4558",
@ -88,8 +79,14 @@
},
"work_around": [
{
"lang": "eng",
"lang": "en",
"value": "Upgrade to Apache Ozone release version 1.2.0"
}
],
"credits": [
{
"lang": "en",
"value": "Apache Ozone would like to thank Marton Elek for reporting this issue."
}
]
}