CVE-2017-12622

Description

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.

CVSS Version 3.0
CVSS Version 2.0

nvd
CVE ID: CVE-2017-12622
Base Score: 7.1
Base Severity: HIGH
Vector String:CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

nvd
CVE ID: CVE-2017-12622
Base Score: 5.5
Base Severity: MEDIUM
Vector String:AV:N/AC:L/Au:S/C:P/I:P/A:N

Refrence: NVD

Description​

Description