CVE-2020-35211 – io.atomix:atomix

Package

Manager: maven
Name: io.atomix:atomix
Vulnerable Version: >=0 <=3.1.5

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00237 pctl0.46654

Details

An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node. An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.

Metadata

Created: 2021-12-17T20:40:38Z
Modified: 2022-01-04T18:59:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-4jhc-wjr3-pwh2/GHSA-4jhc-wjr3-pwh2.json
CWE IDs: []
Alternative ID: GHSA-4jhc-wjr3-pwh2
Finding: F159
Auto approve: 1