Apache Geode gfsh query vulnerability
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Package
Affected versions
>= 1.0.0, < 1.2.1
Patched versions
1.2.1
Description
Published by the National Vulnerability Database
Sep 30, 2017
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Nov 8, 2022
Last updated
Jan 29, 2023
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.
References