Описание
Apache Geode gfsh authorization vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.
Пакеты
Наименование
org.apache.geode:geode-core
maven
Затронутые версииВерсия исправления
>= 1.0.0, < 1.3.0
1.3.0
Связанные уязвимости
CVSS3: 7.1
nvd
около 8 лет назад
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.