A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-12-03T00:00:00
Updated: 2024-08-04T15:40:36.665Z
Reserved: 2020-09-16T00:00:00
Link: CVE-2020-25711
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-03T17:15:12.647
Modified: 2024-11-21T05:18:32.843
Link: CVE-2020-25711
Redhat