PT-2020-12308 · Red Hat · Infinispan

Published: 2020-10-19 · Updated: 2021-10-26 · CVE-2020-10746

CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions

Infinispan version 10

Description

A flaw in Infinispan permits local access to controls via both the REST and HotRod APIs, allowing a user authenticated to the local machine to perform all operations on the caches, including creation, update, deletion, and shutdown of the entire server.

Recommendations

For Infinispan version 10, restrict access to the REST and HotRod APIs to prevent unauthorized local access to controls, and consider implementing additional security measures to limit the actions that can be performed by locally authenticated users.

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2020-10746

Affected Products

Infinispan