CVE-2017-15696

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-15696
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15696.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15696
Aliases
Published
2018-02-26T02:29:00Z
Modified
2024-06-06T11:59:17.705201Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.

References

Affected packages

Git / github.com/apache/geode

Affected ranges

Type
GIT
Repo
https://github.com/apache/geode
Events

Affected versions

rel/v1.*

rel/v1.0.0-incubating
rel/v1.1.0
rel/v1.2.0
rel/v1.2.1
rel/v1.3.0