CVE-2017-15696 – org.apache.geode:geode-core

Package

Manager: maven
Name: org.apache.geode:geode-core
Vulnerable Version: >=1.0.0 <1.4.0

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00641 pctl0.69684

Details

Apache Geode configuration request authorization vulnerability When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.

Metadata

Created: 2022-05-14T03:37:08Z
Modified: 2022-11-08T14:18:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g569-49wg-jx5f/GHSA-g569-49wg-jx5f.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-g569-49wg-jx5f
Finding: F308
Auto approve: 1