High severity7.5NVD Advisory· Published Apr 27, 2021· Updated Jun 17, 2026
CVE-2020-17517
CVE-2020-17517
Description
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release.
Affected products
2- Apache Software Foundation/Apache Ozonev5Range: Apache Ozone
Patches
Vulnerability mechanics
References
1- lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa%40%3Cdev.ozone.apache.org%3EnvdMailing ListVendor Advisory
News mentions
0No linked articles in our index yet.