Description
When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.
Affected products
- Apache Software Foundation / Apache Geode1.0.0 – 1.0.0
- Apache Software Foundation / Apache Geode1.1.0 – 1.1.0
- Apache Software Foundation / Apache Geode1.1.1 – 1.1.1
- Apache Software Foundation / Apache Geode1.2.0 – 1.2.0