Marton Elek

**Name of the Vulnerable Software and Affected Versions** Apache Ozone versions prior to 1.2.0 **Description** The issue allows authenticated users with permission to the key to retrieve initially generated block tokens from the metadata database. These tokens can be used even after access has been revoked. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Ozone versions prior to 1.2.0 **Description** The issue allows an attacker to access internal server-to-server RPC endpoints, enabling them to download raw data from Datanode and Ozone manager, and modify Ratis replication configuration. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to internal server-to-server RPC endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Ozone versions prior to 1.2.0 **Description** The issue arises from the lack of proper authorization for Container related Datanode requests in Apache Ozone, allowing any client to make these requests. **Recommendations** For Apache Ozone versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Ozone versions prior to 1.2.0 **Description** The issue allows authenticated users who know the ID of an existing block to craft specific requests, granting them access to those blocks and bypassing security checks like Access Control Lists (ACL). **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Ozone versions prior to 1.2.0 **Description** The issue arises because the Ozone Datanode in Apache Ozone does not check the access mode parameter of the block token. As a result, authenticated users who have a valid READ block token can perform any write operation on the same block. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the block token to prevent unauthorized write operations.

**Name of the Vulnerable Software and Affected Versions** Apache Ozone versions prior to 1.2.0 **Description** The issue allows authenticated users with valid Ozone S3 credentials to create specific OM requests, impersonating any other user. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue.