A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1897618 | Issue Tracking Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220210-0023/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-12-03T00:00:00
Updated: 2022-10-07T00:00:00
Reserved: 2020-09-16T00:00:00
Link: CVE-2020-25711
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-03T17:15:12.647
Modified: 2022-11-10T04:40:57.893
Link: CVE-2020-25711
JSON object: View
Redhat Information
No data.
CWE