VYPR
High severity7.5NVD Advisory· Published Apr 27, 2021· Updated Jun 17, 2026

CVE-2020-17517

CVE-2020-17517

Description

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release.

Affected products

2
  • Apache/Ozonellm-fuzzy
    Range: <1.1.0
  • Apache Software Foundation/Apache Ozonev5
    Range: Apache Ozone

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.