CVE-2017-12622
published 2018-01-10CVE-2017-12622: When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the…
high7.1CVSS 3.0
AVNACLPRLUINSUCHILAN
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | geode | < 1.3.0 | 1.3.0 |
| apache_software_foundation | apache_geode | — | — |