184 matches found
Apache Geode vulnerable to Exposure of Sensitive Information
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...
Apache Geode vulnerable to Incorrect Authorization
When an Apache Geode server, versions 1.0.0 to 1.4.0, is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...
GHSA-JMG4-X4VP-6C6X Apache Geode vulnerable to Incorrect Authorization
When an Apache Geode server, versions 1.0.0 to 1.4.0, is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privileg...
Apache Geode SSL endpoint verification vulnerability
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
GHSA-WC4X-4GM2-74J8 Apache Geode SSL endpoint verification vulnerability
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
Apache Geode Injection Vulnerability
Apache Geode is an Apache Foundation management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. Security attributes prefixed with "sysprop-", "javax.net.ssl", or "security-" are vulnerable to logging of sensitive...
Insertion of Sensitive Information into Log File in Apache Geode
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=2.0.2 <=3.0.4) +41 more potentially affected by CVE-2021-34797 via org.apache.geode:geode-core (>=1.13.0 <=1.13.4)
org.apache.geode:geode-core MAVEN version =1.13.0, =2.0.2, =2.0.2, =1.13.0, =1.13.0, =1.13.0, =1.13.0, =1.13.0, =1.13.0, =1.13.0, =1.13.2, =1.13.2, =1.13.2, =1.13.0, =1.13.0, =1.13.4 and more Source cves: CVE-2021-34797 Source advisory: OSV:GHSA-MW25-F5R2-HPC6...
GHSA-MW25-F5R2-HPC6 Insertion of Sensitive Information into Log File in Apache Geode
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...
CVE-2021-34797
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...
CVE-2021-34797
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...
Design/Logic Flaw
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...
CVE-2021-34797
CVE-2021-34797 affects Apache Geode up to 1.12.4 and 1.13.4, where log file redaction mishandles values starting with non-alphanumeric characters for passwords and security properties prefixed with “sysprop-”, “javax.net.ssl”, or “security-”. This could lead to sensitive information being written...
CVE-2021-34797 Apache Geode project log file redaction of sensitive information vulnerability
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...
Apache Geode Log Information Disclosure Vulnerability
Apache Geode is an Apache Foundation management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. Security attributes prefixed with "sysprop-", "javax.net.ssl", or "security-" are vulnerable to logging of sensitive...
CVE-2019-10091
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
CVE-2019-10091
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
Code injection
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...
CVE-2019-10091
CVE-2019-10091 affects Apache Geode. When TLS is enabled and ssl-endpoint-identification-enabled is true, Geode may fail to verify hostnames in the certificate SAN during the SSL handshake, enabling potential man-in-the-middle scenarios and compromising intra-cluster communications. The issue is ...
CVE-2019-10091
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack...