Description
A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Data Grid 8 | infinispan | Affected | ||
| Red Hat Fuse 7 | infinispan-rest | Not affected | ||
| Red Hat JBoss Data Grid 7 | infinispan-rest | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | infinispan-rest | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | infinispan-rest | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | infinispan-rest | Out of support scope | ||
| Red Hat Data Grid | | Fixed | RHSA-2020:3626 | 03.09.2020 |
Additional information
Status:
EPSS
CVSS3: 8.4 High
Related vulnerabilities
A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.
A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.
EPSS
CVSS3: 8.4 High