Description
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
It was found that the REST API in Infinispan did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Data Grid 6 | rest | Affected | | |
| Red Hat JBoss Data Grid 7.1 | | Fixed | RHSA-2017:1097 | 19.04.2017 |
Additional information
Status: Moderate
Defect: CWE-306
https://bugzilla.redhat.com/show_bug.cgi?id=1428564 infinispan: auth bypass in REST api
EPSS
Percentile: 65%
0.00495
Low
6.5 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.5
nvd
more than 7 years ago
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
CVSS3: 6.5
github
more than 3 years ago
Infinispan Rest API Does Not Enforce Auth Constraints