CVE-2017-2638: Improper Authentication

May 13, 2022 (updated July 31, 2023)

It was found that the REST API in Infinispan before version 9.0.0 does not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.

References

rhn.redhat.com/errata/RHSA-2017-1097.html
www.securityfocus.com/bid/97964
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638
github.com/advisories/GHSA-mvxp-3j62-jqr6
github.com/infinispan/infinispan/pull/4936
issues.jboss.org/browse/ISPN-7485
nvd.nist.gov/vuln/detail/CVE-2017-2638

Code Behaviors & Features

Detect and mitigate CVE-2017-2638 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →