CVE-2017-15694: Metadata modification vulnerability

June 21, 2019 (updated June 24, 2019)

When an Apache Geode server is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.

References

www.securityfocus.com/bid/108870
issues.apache.org/jira/browse/GEODE-3981
lists.apache.org/thread.html/311505e7b7a045aaa246f0a1935703acacf41b954621b1363c40bf6f@%3Cuser.geode.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2017-15694

Code Behaviors & Features

Detect and mitigate CVE-2017-15694 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →