CVE-2017-5649: Information Exposure
When a cluster has enabled security by setting the security-manager property, remote authenticated users with CLUSTER:READ but not DATA:READ permission can access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.