Apache Geode Authorization Flaw Enables Unprivileged User Control
CVE-2017-12622
7.1HIGH
What is CVE-2017-12622?
An authorization vulnerability in Apache Geode allows authenticated users connecting to a secure environment via the gfsh tool to access status information and exert control over cluster members without possessing the necessary CLUSTER:MANAGE privileges. This flaw raises concerns about the security integrity of Geo-de clusters operating in secure mode, underscoring the importance of restricted access and proper privilege management.
Affected Version(s)
Apache Geode 1.0.0 to 1.2.1