Description
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.
Remediation
References
https://lists.apache.org/thread.html/28989e6ed0d3c29e46a489ae508302a50407a40691d5dc968f78cd3f%40%3Cdev.geode.apache.org%3E
Related Vulnerabilities
CVE-2023-50719 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-solr-api
CVE-2020-11059 Vulnerability in npm package aegir
CVE-2023-6393 Vulnerability in maven package io.quarkus:quarkus-cache
CVE-2010-1157 Vulnerability in maven package tomcat:catalina
CVE-2007-5333 Vulnerability in maven package tomcat:tomcat-coyote