GHSA-8674-26jc-wh98

Source
https://github.com/advisories/GHSA-8674-26jc-wh98
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-8674-26jc-wh98/GHSA-8674-26jc-wh98.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8674-26jc-wh98
Aliases
  • CVE-2020-25711
Published
2022-02-09T22:56:32Z
Modified
2024-02-17T05:34:33.538781Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Improper Access Control in infinispan-server-runtime
Details

A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authorization is enabled, any authenticated user can perform operations such as shutting down the server without holding the ADMIN role.

Database specific
{
    "nvd_published_at": "2020-12-03T17:15:00Z",
    "cwe_ids": [
        "CWE-269",
        "CWE-862"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-09T22:40:14Z"
}
References

Affected packages

Maven / org.infinispan:infinispan-core

Package

Name
org.infinispan:infinispan-core
Purl
pkg:maven/org.infinispan/infinispan-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
11.0.6.Final

Affected versions

5.*

5.0.0.FINAL
5.0.1.FINAL
5.1.0.ALPHA1
5.1.0.ALPHA2
5.1.0.BETA1
5.1.0.BETA2
5.1.0.BETA3
5.1.0.BETA4
5.1.0.BETA5
5.1.0.CR1
5.1.0.CR2
5.1.0.CR3
5.1.0.CR4
5.1.0.FINAL
5.1.1.CR1
5.1.1.FINAL
5.1.2.CR1
5.1.2.FINAL
5.1.3.CR1
5.1.3.FINAL
5.1.4.CR1
5.1.4.FINAL
5.1.5.CR1
5.1.5.FINAL
5.1.6.FINAL
5.1.7.Final
5.1.8.Final
5.2.0.ALPHA1
5.2.0.ALPHA2
5.2.0.Alpha3
5.2.0.Alpha4
5.2.0.Beta1
5.2.0.Beta2
5.2.0.Beta3
5.2.0.Beta4
5.2.0.Beta5
5.2.0.Beta6
5.2.0.CR1
5.2.0.CR2
5.2.0.CR3
5.2.0.Final
5.2.1.Final
5.2.2.Final
5.2.3.Final
5.2.4.Final
5.2.5.Final
5.2.6.Final
5.2.7.Final
5.2.7-wolfc-1
5.2.8.CR1
5.2.8.Final
5.2.9.Final
5.2.10.Final
5.2.11.CR1
5.2.11.Final
5.2.12.Final
5.2.13.Final
5.2.14.Final
5.2.15.Final
5.2.18.Final
5.2.19.Final
5.2.20.Final
5.3.0.Alpha1
5.3.0.Beta1
5.3.0.Beta2
5.3.0.CR1
5.3.0.CR2
5.3.0.Final

6.*

6.0.0.Alpha1
6.0.0.Alpha2
6.0.0.Alpha3
6.0.0.Alpha4
6.0.0.Beta1
6.0.0.Beta2
6.0.0.CR1
6.0.0.Final
6.0.1.Final
6.0.2.Final

7.*

7.0.0.Alpha1
7.0.0.Alpha2
7.0.0.Alpha3
7.0.0.Alpha4
7.0.0.Alpha5
7.0.0.Beta1
7.0.0.Beta2
7.0.0.CR1
7.0.0.CR2
7.0.0.Final
7.0.1.Final
7.0.2.Final
7.0.3.Final
7.1.0.Alpha1
7.1.0.Beta1
7.1.0.CR1
7.1.0.CR2
7.1.0.Final
7.1.1.Final
7.2.0.Alpha1
7.2.0.Beta1
7.2.0.Beta2
7.2.0.CR1
7.2.0.Final
7.2.1.Final
7.2.2.Final
7.2.3.Final
7.2.4.Final
7.2.5.Final

8.*

8.0.0.Alpha1
8.0.0.Alpha2
8.0.0.Beta1
8.0.0.Beta2
8.0.0.Beta3
8.0.0.CR1
8.0.0.Final
8.0.1.Final
8.0.2.Final
8.1.0.Alpha1
8.1.0.Alpha2
8.1.0.Beta1
8.1.0.CR1
8.1.0.Final
8.1.1.Final
8.1.2.Final
8.1.3.Final
8.1.4.Final
8.1.5.Final
8.1.6.Final
8.1.7.Final
8.1.8.Final
8.1.9.Final
8.2.0.Beta1
8.2.0.Beta2
8.2.0.CR1
8.2.0.Final
8.2.1.Final
8.2.2.Final
8.2.3.Final
8.2.4.Final
8.2.5.Final
8.2.6.Final
8.2.7.Final
8.2.8.Final
8.2.10.Final
8.2.11.Final
8.2.12.Final

9.*

9.0.0.Alpha1
9.0.0.Alpha2
9.0.0.Alpha3
9.0.0.Alpha4
9.0.0.Beta1
9.0.0.Beta2
9.0.0.CR1
9.0.0.CR2
9.0.0.CR3
9.0.0.CR4
9.0.0.Final
9.0.1.Final
9.0.2.Final
9.0.3.Final
9.1.0.Alpha1
9.1.0.Beta1
9.1.0.CR1
9.1.0.Final
9.1.1.Final
9.1.2.Final
9.1.3.Final
9.1.4.Final
9.1.5.Final
9.1.6.Final
9.1.7.Final
9.2.0.Alpha1
9.2.0.Alpha2
9.2.0.Beta1
9.2.0.Beta2
9.2.0.CR1
9.2.0.CR2
9.2.0.CR3
9.2.0.Final
9.2.1.Final
9.2.2.Final
9.2.3.Final
9.2.4.Final
9.2.5.Final
9.3.0.Alpha1
9.3.0.Beta1
9.3.0.CR1
9.3.0.Final
9.3.1.Final
9.3.2.Final
9.3.3.Final
9.3.4.Final
9.3.5.Final
9.3.6.Final
9.3.8.Final
9.3.9.Final
9.4.0.Alpha1
9.4.0.Beta1
9.4.0.CR1
9.4.0.CR2
9.4.0.CR3
9.4.0.Final
9.4.1.Final
9.4.2.Final
9.4.3.Final
9.4.4.Final
9.4.5.Final
9.4.6.Final
9.4.7.Final
9.4.8.Final
9.4.9.Final
9.4.10.Final
9.4.11.Final
9.4.12.Final
9.4.13.Final
9.4.14.Final
9.4.15.Final
9.4.16.Final
9.4.17.Final
9.4.18.Final
9.4.19.Final
9.4.20.Final
9.4.21.Final
9.4.22.Final
9.4.23.Final
9.4.24.Final

10.*

10.0.0.Alpha1
10.0.0.Alpha2
10.0.0.Alpha3
10.0.0.Beta1
10.0.0.Beta2
10.0.0.Beta3
10.0.0.Beta4
10.0.0.Beta5
10.0.0.CR1
10.0.0.CR2
10.0.0.CR3
10.0.0.Final
10.0.1.Final
10.1.0.Beta1
10.1.0.CR1
10.1.0.Final
10.1.1.Final
10.1.2.Final
10.1.3.Final
10.1.4.Final
10.1.5.Final
10.1.6.Final
10.1.7.Final
10.1.8.Final
10.1.9.Final

11.*

11.0.0.Alpha
11.0.0.Alpha1
11.0.0.Alpha2
11.0.0.CR1
11.0.0.Final
11.0.0.Dev03
11.0.0.Dev04
11.0.0.Dev05
11.0.1.Final
11.0.2.Final
11.0.3.Final
11.0.4.Final
11.0.5.Final

Database specific

{
    "last_known_affected_version_range": "<= 11.0.5.Final"
}