7 matches found
CVE-2026-10720 MicroCeph path traversal issue in the remote-import API
Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...
PT-2026-50835
Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...
GHSA-H22R-H77W-2G5F Apache Geode gfsh authorization vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...
Apache Geode gfsh authorization vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...
Apache Geode cluster information disclosure vulnerability
Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. An information disclosure vulnerability exists in Apache Geode cluster. An attacker could exploit this...
Unauthorized Access
geode-core is vulnerable to unauthorized access through gfsh authorization. The vulnerability exists as a user who is connected using the to the Geode cluster, using gfsh tool over HTTP, is able to read status information as well as control cluster members even without CLUSTER:MANAGE privileges...
CVE-2017-12622
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...