Lucene search

GoogleOSV:GHSA-RC7H-X6CQ-988Q

HistoryMay 13, 2022 - 1:03 a.m.

Improper Input Validation in JGroups

2022-05-1301:03:31

Google

osv.dev

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.2%

JSON

JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. Fixes for this issue have been backported to versions 3.6.10.Final and 3.2.16.Final.

CPENameOperatorVersion
org.jgroups:jgroupseq2.11.0.Alpha3
org.jgroups:jgroupseq3.5.0.Final
org.jgroups:jgroupseq3.4.0.Final
org.jgroups:jgroupseq2.6.21.Final
org.jgroups:jgroupseq3.4.8.Final
org.jgroups:jgroupseq3.3.0.CR2
org.jgroups:jgroupseq3.0.3.Final
org.jgroups:jgroupseq3.6.4
org.jgroups:jgroupseq3.0.16.Final
org.jgroups:jgroupseq3.2.0.Alpha3

Name	Operator	Version
org.jgroups:jgroups	eq	2.11.0.Alpha3
org.jgroups:jgroups	eq	3.5.0.Final
org.jgroups:jgroups	eq	3.4.0.Final
org.jgroups:jgroups	eq	2.6.21.Final
org.jgroups:jgroups	eq	3.4.8.Final
org.jgroups:jgroups	eq	3.3.0.CR2
org.jgroups:jgroups	eq	3.0.3.Final
org.jgroups:jgroups	eq	3.6.4
org.jgroups:jgroups	eq	3.0.16.Final
org.jgroups:jgroups	eq	3.2.0.Alpha3

Rows per page:

1-10 of 1301

References

rhn.redhat.com/errata/RHSA-2016-1435.html

rhn.redhat.com/errata/RHSA-2016-1439.html

rhn.redhat.com/errata/RHSA-2016-2035.html

access.redhat.com/errata/RHSA-2016:1345

access.redhat.com/errata/RHSA-2016:1346

access.redhat.com/errata/RHSA-2016:1347

access.redhat.com/errata/RHSA-2016:1374

access.redhat.com/errata/RHSA-2016:1376

access.redhat.com/errata/RHSA-2016:1389

access.redhat.com/errata/RHSA-2016:1432

access.redhat.com/errata/RHSA-2016:1433

access.redhat.com/errata/RHSA-2016:1434

github.com/belaban/JGroups

github.com/belaban/JGroups/commit/eeaf5241cce464ef21a2dfc4938729ade9ebef36

issues.jboss.org/browse/JGRP-2021

issues.redhat.com/browse/JGRP-2055

issues.redhat.com/browse/JGRP-2074

lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E

lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2016-2141

rhn.redhat.com/errata/RHSA-2016-1328.html

rhn.redhat.com/errata/RHSA-2016-1329.html

rhn.redhat.com/errata/RHSA-2016-1330.html

rhn.redhat.com/errata/RHSA-2016-1331.html

rhn.redhat.com/errata/RHSA-2016-1332.html

rhn.redhat.com/errata/RHSA-2016-1333.html

rhn.redhat.com/errata/RHSA-2016-1334.html

web.archive.org/web/20161013163606/www.securityfocus.com/bid/91481

web.archive.org/web/20201207092245/www.securitytracker.com/id/1036165

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.2%

JSON

Related for OSV:GHSA-RC7H-X6CQ-988Q