Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zN20zLXFwMzcteDNjNs4AAYbk
Apache Geode gfsh query vulnerability
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.
Permalink: https://github.com/advisories/GHSA-37m3-qp37-x3c6JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zN20zLXFwMzcteDNjNs4AAYbk
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-37m3-qp37-x3c6, CVE-2017-9794
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-9794
- https://issues.apache.org/jira/browse/GEODE-3217
- https://lists.apache.org/thread/403xxbfrh4csyj1st7351g2dkm0hb91v
- https://github.com/advisories/GHSA-37m3-qp37-x3c6
Affected Packages
maven:org.apache.geode:geode-core
Dependent packages: 51Dependent repositories: 368
Downloads:
Affected Version Ranges: >= 1.0.0, < 1.2.1
Fixed in: 1.2.1
All affected versions: 1.1.0, 1.1.1, 1.2.0
All unaffected versions: 1.2.1, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.9.1, 1.9.2, 1.10.0, 1.11.0, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.7, 1.12.8, 1.12.9, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.13.4, 1.13.5, 1.13.6, 1.13.7, 1.13.8, 1.14.0, 1.14.1, 1.14.2, 1.14.3, 1.14.4, 1.15.0, 1.15.1