When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-01-10T03:00:00Z

Updated: 2024-09-17T02:01:38.575Z

Reserved: 2017-08-07T00:00:00

Link: CVE-2017-12622

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-01-10T03:29:00.187

Modified: 2024-11-21T03:09:54.980

Link: CVE-2017-12622

cve-icon Redhat

No data.