High severity7.1NVD Advisory· Published Jan 10, 2018· Updated Jun 17, 2026
CVE-2017-12622
CVE-2017-12622
Description
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.geode:geode-coreMaven | >= 1.0.0, < 1.3.0 | 1.3.0 |
Affected products
2- Apache Software Foundation/Apache Geodev5Range: 1.0.0 to 1.2.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-h22r-h77w-2g5fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12622ghsaADVISORY
- issues.apache.org/jira/browse/GEODE-3685ghsaWEB
- lists.apache.org/thread.html/560578479dabbdc93d0ee8746b7c857549202ef82f43aa22496aa589@%3Cuser.geode.apache.org%3EghsaWEB
- lists.apache.org/thread.html/560578479dabbdc93d0ee8746b7c857549202ef82f43aa22496aa589%40%3Cuser.geode.apache.org%3Envd
News mentions
0No linked articles in our index yet.