In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.CreditsApache Ozone would like to thank Marton Elek for reporting this issue.Referenceshttps://mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C0fd74baa-88a0-39a2-8f3a-b982acb25d5a%40apache.org%3Ehttp://www.openwall.com/lists/oss-security/2021/11/19/7https://issues.apache.org/jira/browse/HDDS-4763
