CVE-2020-25711 Information

Description

A flaw was found in infinispan 10 REST API where authorization permissions are not checked while performing some server management operations. When authz is enabled any user with authentication can perform operations like shutting down the server without the ADMIN role.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1897618 https://security.netapp.com/advisory/ntap-20220210-0023/

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.5