CVE-2017-15695: Permission Issues

June 13, 2018 (updated October 3, 2019)

Apache Geode server is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.

References

www.securityfocus.com/bid/104465
nvd.nist.gov/vuln/detail/CVE-2017-15695

Code Behaviors & Features

Detect and mitigate CVE-2017-15695 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →