CVE-2017-9794

Published: Sep 29, 2017

Modified: Sep 17, 2024

PUBLISHED

Description

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.

Vendor	Product	Versions
Apache Software Foundation	Apache Geode	affected `1.0.0` affected `1.1.0` affected `1.1.1` affected `1.2.0`

References

[geode-user] 20170929 [SECURITY] CVE-2017-9794 Apache Geode gfsh query vulnerability

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-9794

Description

Affected Products

References