CVE-2020-25711: Missing Authorization

February 9, 2022 (updated February 11, 2022)

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

References

bugzilla.redhat.com/show_bug.cgi?id=1897618
github.com/advisories/GHSA-8674-26jc-wh98
nvd.nist.gov/vuln/detail/CVE-2020-25711
security.netapp.com/advisory/ntap-20220210-0023/

Detect and mitigate CVE-2020-25711 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →