Container-related datanode operations can be called without authorization
Description
In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Container-related datanode requests in Apache Ozone prior to 1.2.0 lack authorization, allowing any client to call them.
Vulnerability
In Apache Ozone versions prior to 1.2.0, container-related datanode requests are not properly authorized [1][2]. This allows any client to send such requests without authentication, as the authorization checks are missing [2]. The issue affects Ozone datanode components handling container operations.
Exploitation
An attacker with network access to the Ozone datanode can send arbitrary container-related requests without any authentication or prior knowledge. No special privileges are required [2]. The attacker simply crafts a request that should normally be restricted to authorized clients.
Impact
Successful exploitation allows an attacker to perform unauthorized container operations, such as creating, deleting, or modifying containers, potentially leading to data corruption, disclosure, or denial of service [1][2].
Mitigation
Upgrade to Apache Ozone version 1.2.0 or later [2]. No workarounds are documented in the available references.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.ozone:ozone-mainMaven | < 1.2.0 | 1.2.0 |
Affected products
3- Apache Software Foundation/Apache Ozonev5Range: 1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-33xh-xch9-p6hjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-39233ghsaADVISORY
- www.openwall.com/lists/oss-security/2021/11/19/4ghsamailing-listx_refsource_MLISTWEB
- mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C394a9a73-44dd-b5db-84d8-607c3226eb00%40apache.org%3Eghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.