Apache Geode Cluster Vulnerability Affecting Secure Mode Operations
CVE-2017-9796

5.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Geode
Vendor: CVE Published:; 10 January 2018

Summary

In Apache Geode versions prior to v1.3.0, a security flaw exists in clusters operating in secure mode. A user granted read access to specific regions within the cluster can exploit this vulnerability by executing OQL queries that include region names as bind parameters. This allows unauthorized read access to objects contained within regions that should not be accessible to the user. This issue underscores the importance of strict access control mechanisms within secure configurations.

Affected Version(s)

Apache Geode 1.0.0 to 1.2.1

References

https://lists.apache.org/thread.html/e580d22195b6b61ff9cf...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2018
Vulnerability Reserved
Jun 21, 2017