Apache Ozone Server-to-Server RPC Endpoint Data Exposure and Ratis Replication Configuration Modification Vulnerability

Apache Ozone Server-to-Server RPC Endpoint Data Exposure and Ratis Replication Configuration Modification Vulnerability

CVE-2021-39231 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.

Learn more about our Cis Benchmark Audit For Apache Http Server.