CVE-2017-9794 – org.apache.geode:geode-core

Package

Manager: maven
Name: org.apache.geode:geode-core
Vulnerable Version: >=1.0.0 <1.2.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00459 pctl0.63155

Details

Apache Geode gfsh query vulnerability When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.

Metadata

Created: 2022-05-17T00:34:39Z
Modified: 2022-11-08T14:34:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-37m3-qp37-x3c6/GHSA-37m3-qp37-x3c6.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-37m3-qp37-x3c6
Finding: F310
Auto approve: 1