When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2018-02-26T02:00:00Z
Updated: 2024-09-16T20:31:34.354Z
Reserved: 2017-10-21T00:00:00
Link: CVE-2017-15696
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-02-26T02:29:00.317
Modified: 2024-11-21T03:15:01.360
Link: CVE-2017-15696
Redhat
No data.