CVE-2020-25711

Name of the Vulnerable Software and Affected Versions infinispan version 10

Description A flaw was found in the infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authorization is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

Recommendations For infinispan version 10, as a temporary workaround, consider disabling the REST API or restricting access to server management operations until a patch is available. Restrict access to the shutdown operation to minimize the risk of exploitation. Avoid using the REST API for server management operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.