Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2NzQtMjZqYy13aDk4
Improper Access Control in infinispan-server-runtime
A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authorization (authz) is enabled, any authenticated user can perform operations such as shutting down the server without the ADMIN role.
Permalink: https://github.com/advisories/GHSA-8674-26jc-wh98
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2NzQtMjZqYy13aDk4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: almost 2 years ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Identifiers: GHSA-8674-26jc-wh98, CVE-2020-25711
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-25711
- https://bugzilla.redhat.com/show_bug.cgi?id=1897618
- https://security.netapp.com/advisory/ntap-20220210-0023/
- https://github.com/advisories/GHSA-8674-26jc-wh98
Affected Packages
maven:org.infinispan:infinispan-core
Dependent packages: 543
Dependent repositories: 4,067
Downloads:
Affected Version Ranges: <= 11.0.5.Final
Fixed in: 11.0.6.Final
All affected versions:
All unaffected versions: