In Apache Ozone prior to 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache ozone |