📦 Ozone

Apache Ozone versions before 1.2.0 expose internal RPC endpoints that allow attackers to download raw data from Datanode and Ozone Manager components, and modify Ratis replication configuration. This ...

This vulnerability allows any client to make unauthorized container-related DataNode requests to Apache Ozone, bypassing authentication mechanisms. It affects Apache Ozone installations prior to versi...

This vulnerability in Apache Ozone's S3 Gateway allows any authenticated Kerberos user to revoke and regenerate S3 secrets of any other user, potentially causing denial of service or privilege escalat...

This vulnerability allows authenticated users with valid Ozone S3 credentials to impersonate any other user by creating specific OM requests. It affects Apache Ozone deployments where users have S3 cr...

This vulnerability allows unauthenticated access to S3 buckets and keys in Apache Ozone clusters through simple HTTP requests or curl commands. It affects all Apache Ozone deployments prior to version...