CVE-2016-2141: Authorization bypass in JGroups

June 30, 2016 (updated April 23, 2019)

JGroups does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.

References

bugzilla.redhat.com/show_bug.cgi?id=1313589
issues.jboss.org/browse/JGRP-2021

Detect and mitigate CVE-2016-2141 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →