PT-2021-10095 · Apache · Apache Ozone
Published: 2021-04-27 · Updated: 2022-08-05 · CVE-2020-17517
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Apache Ozone versions prior to 1.1.0
Description:
The issue allows unauthorized access to buckets and keys in a secure Apache Ozone Cluster through a curl command or an unauthenticated HTTP request, exposing data to anonymous clients or users.
Recommendations:
For Apache Ozone versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the S3 buckets and keys to prevent unauthorized access until the update can be applied.
Fix
Improper Authorization
Missing Authentication
Related Identifiers
Affected Products
Apache Ozone