CVE-2017-9794: Information Exposure

September 30, 2017 (updated October 6, 2017)

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries; the query results may contain data from another user’s concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.

References

nvd.nist.gov/vuln/detail/CVE-2017-9794

Code Behaviors & Features

Detect and mitigate CVE-2017-9794 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →