When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.
References
Configurations
History
21 Nov 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread.html/28989e6ed0d3c29e46a489ae508302a50407a40691d5dc968f78cd3f%40%3Cdev.geode.apache.org%3E - |
07 Nov 2023, 02:40
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-02-26 02:29
Updated : 2024-11-21 03:15
NVD link : CVE-2017-15696
Mitre link : CVE-2017-15696
CVE.ORG link : CVE-2017-15696
JSON object : View
Products Affected
apache
- geode
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor