Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing authentication/authorization on internal RPC endpoints
Vulnerability Description
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
Apache Ozone 安全漏洞
Vulnerability Description
Apache Ozone是一个应用软件。一个面向Hadoop和云原生环境的可伸缩,冗余和分布式对象存储。 Apache Ozone 1.2.0版本存在安全漏洞,该漏洞源于各种内部服务器到服务器RPC端点可用于连接,攻击者可以从Datanode和Ozone管理器下载原始数据并修改Ratis复制配置。
CVSS Information
N/A
Vulnerability Type
N/A