When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2018-02-22T00:00:00
Updated: 2018-02-26T01:57:02
Reserved: 2017-10-21T00:00:00
Link: CVE-2017-15696
JSON object: View
NVD Information
Status : Modified
Published: 2018-02-26T02:29:00.317
Modified: 2023-11-07T02:40:20.950
Link: CVE-2017-15696
JSON object: View
Redhat Information
No data.
CWE