Unrated severityNVD Advisory· Published Apr 27, 2021· Updated Aug 4, 2024

Ozone S3 Gateway allows bucket and key access to non authenticated users

CVE-2020-17517

Description

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release.

Affected products

Apache/Ozonellm-fuzzy
Range: <1.1.0
Apache Software Foundation/Apache Ozonev5
Range: Apache Ozone

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa%40%3Cdev.ozone.apache.org%3Emitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000