CVE-2021-36372 Vulnerability Details

  /     /     /  

CVE-2021-36372 Metadata Quick Info

CVE Published: 19/11/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: apache | Vendor: Apache Software Foundation | Product: Apache Ozone
Status : PUBLISHED

---

CVE-2021-36372 Description

In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-273
CWE Name: CWE-273 Improper Check for Dropped Privileges
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).