Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tdnhwLTNqNjItanFyNs4AARcX
Infinispan Rest API Does Not Enforce Auth Constraints
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Permalink: https://github.com/advisories/GHSA-mvxp-3j62-jqr6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tdnhwLTNqNjItanFyNs4AARcX
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 9 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-mvxp-3j62-jqr6, CVE-2017-2638
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-2638
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638
- https://issues.jboss.org/browse/ISPN-7485
- http://rhn.redhat.com/errata/RHSA-2017-1097.html
- http://www.securityfocus.com/bid/97964
- https://github.com/infinispan/infinispan/pull/4936
- https://github.com/advisories/GHSA-mvxp-3j62-jqr6
Blast Radius: 16.9
Affected Packages
maven:org.infinispan:infinispan-server-core
Dependent packages: 89
Dependent repositories: 404
Downloads:
Affected Version Ranges: < 9.0.0
Fixed in: 9.0.0
All affected versions:
All unaffected versions: