CVE-2016-2141 – org.jgroups:jgroups

Package

Manager: maven
Name: org.jgroups:jgroups
Vulnerable Version: >=3.3.0.alpha1 <3.6.10.final || >=0 <3.2.16.final

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00885 pctl0.74564

Details

Improper Input Validation in JGroups JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. Fixes for this issue have been backported to versions 3.6.10.Final and 3.2.16.Final.

Metadata

Created: 2022-05-13T01:03:31Z
Modified: 2023-06-01T19:57:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rc7h-x6cq-988q/GHSA-rc7h-x6cq-988q.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-rc7h-x6cq-988q
Finding: F184
Auto approve: 1