Red Hat · Infinispan · CVE-2021-31917
Name of the Vulnerable Software and Affected Versions:
Red Hat DataGrid versions 8.0.0 through 8.1.1
Infinispan versions 10.0.0 through 12.0.0
Description:
A flaw was found in the software, allowing an attacker to bypass authentication on all REST endpoints when DIGEST is used as the authentication method. This poses a significant threat to data confidentiality and integrity, as well as system availability.
Recommendations:
For Red Hat DataGrid versions 8.0.0 through 8.1.1, consider disabling the DIGEST authentication method until a patch is available.
For Infinispan versions 10.0.0 through 12.0.0, restrict access to all REST endpoints to minimize the risk of exploitation.
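The advice above amounts to a server-configuration change. As an added illustration that is not part of this advisory or of the Infinispan project's documentation, the fragment below sketches what "disabling the DIGEST authentication method" looks like in an Infinispan 11-style server XML: the REST connector's authentication element lists the allowed mechanisms, and the hardened version simply omits DIGEST. The element names follow Infinispan's server schema as I know it; the namespace version, the `default` socket-binding and security-realm names, and the connector names are assumptions, and the exact layout differs between Infinispan 10, 11 and 12, so verify it against the schema shipped with your release.

```xml
<!-- Added example, not from the advisory or the project docs.
     Namespace, socket-binding and security-realm names are assumed. -->

<!-- BEFORE (vulnerable configuration): DIGEST is an allowed REST mechanism. -->
<endpoints socket-binding="default" security-realm="default">
  <hotrod-connector name="hotrod"/>
  <rest-connector name="rest">
    <authentication mechanisms="DIGEST BASIC"/>
  </rest-connector>
</endpoints>

<!-- AFTER (mitigation from the advisory): DIGEST removed from the REST connector.
     BASIC sends credentials in clear text, so the endpoint must be served over TLS. -->
<endpoints socket-binding="default" security-realm="default">
  <hotrod-connector name="hotrod"/>
  <rest-connector name="rest">
    <authentication mechanisms="BASIC"/>
  </rest-connector>
</endpoints>
```

After restarting the server, confirm the change took effect: an unauthenticated request to a REST cache resource should be refused with a 401 response, and a request that tries to negotiate DIGEST should be refused as well. Restricting which networks can reach the REST port at all (firewall rules or the connector's socket binding) is the complementary control the second recommendation describes and reduces exposure while the upgrade is scheduled.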