{"schema_version": "1.6.1", "id": "CVE-2021-39236", "summary": "Owners of the S3 tokens are not validated", "details": "In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. ", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.0"}, {"last_affected": "1.0"}]}]}], "references": [{"type": "ADVISORY", "url": "https://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C0fd74baa-88a0-39a2-8f3a-b982acb25d5a%40apache.org%3E"}]}