Request a Demo
Rewterz
Rewterz Threat Alert – Remcos RAT – Active IOCs
November 19, 2021
Rewterz
Rewterz Threat Alert – Quasar RAT – Active IOCs
November 22, 2021

Rewterz Threat Advisory – Multiple Apache Ozone Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-36372 

Apache Ozone could allow a remote authenticated attacker to bypass security restrictions, caused by an error when initially generated block tokens are persisted to the metadata database. An attacker could exploit this vulnerability to retrieve block tokens even after access is revoked.

CVE-2021-39231 

Apache Ozone could allow a remote attacker to bypass security restrictions, caused by the availability of various internal server-to-server RPC endpoints for connections. An attacker could exploit this vulnerability to download raw data from Datanode and Ozone manager and modify Ratis replication configuration

CVE-2021-39233 

Apache Ozone could allow a remote attacker to bypass security restrictions, caused by the improper authorization of container related Datanode requests of Ozone Datanode. An attacker could exploit this vulnerability to allow any client to make calls.

CVE-2021-39234 

Apache Ozone could allow a remote authenticated attacker to bypass security restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass security checks like ACL and gain access to an existing block.

CVE-2021-39235 

Apache Ozone could allow a remote authenticated attacker to bypass security restrictions, caused by the failure to check the access mode parameter of the block token by Ozone Datanode. An attacker could exploit this vulnerability to perform any write operation on the same block.

CVE-2021-39236 

Apache Ozone could allow a remote authenticated attacker to bypass security restrictions. By creating specific OM requests, an attacker could exploit this vulnerability to impersonate any other user.

CVE-2021-41532 

Apache Ozone could allow a remote attacker to obtain sensitive information, caused by a bug in Recon HTTP endpoints. An attacker could exploit this vulnerability to access the data from these endpoints.

Impact

  • Security Bypass
  • Unauthorized Access
  • Information Disclosure

Affected Vendors

Apache

Affected Products

  • Apache Ozone 1.1.0

Remediation

Upgrade to the latest version of Ozone, available from the Apache Website.

https://ozone.apache.org/