CVE-2017-15696

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-15696

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15696.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-15696

Aliases

GHSA-g569-49wg-jx5f

Published

2018-02-26T02:29:00Z

Modified

2024-09-03T01:45:37.189637Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.

References

https://lists.apache.org/thread.html/28989e6ed0d3c29e46a489ae508302a50407a40691d5dc968f78cd3f%40%3Cdev.geode.apache.org%3E

Affected packages

Git / github.com/apache/geode

Affected ranges

Type: GIT
Repo: https://github.com/apache/geode
Events: Introduced

280a407c59a89401d5d87d6e6aeda1c975870753

Last affected

59f2a73d108101744ed7b2d88e8d1c948d19781c

Affected versions

rel/v1.*

rel/v1.0.0-incubating

rel/v1.1.0

rel/v1.2.0

rel/v1.2.1

rel/v1.3.0