Improper Access Control in infinispan-server-runtime

GHSA-8674-26jc-wh98 · CVE-2020-25711

Published Feb 9, 2022 · Modified Feb 17, 2024

Description

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-25711
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1897618
WEB https://security.netapp.com/advisory/ntap-20220210-0023

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes