CVE-2017-2638

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-2638

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2638.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-2638

Aliases

GHSA-mvxp-3j62-jqr6

Published

2018-07-16T13:29:00Z

Modified

2024-05-13T23:25:54Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.

References

http://rhn.redhat.com/errata/RHSA-2017-1097.html
http://www.securityfocus.com/bid/97964
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638
https://github.com/infinispan/infinispan/pull/4936/commits
https://issues.jboss.org/browse/ISPN-7485

Affected packages

Git / github.com/infinispan/infinispan

Affected ranges

Type: GIT
Repo: https://github.com/infinispan/infinispan
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

20824c900321bd43ddc0f92d16c5cb501414fb5b