Medium severity4.3NVD Advisory· Published Sep 30, 2017· Updated May 13, 2026

CVE-2017-9794

Description

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.geode:geode-coreMaven	>= 1.0.0, < 1.2.1	1.2.1

Affected products

Apache Software Foundation/Apache Geodev5
Range: 1.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-37m3-qp37-x3c6ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-9794ghsaADVISORY
issues.apache.org/jira/browse/GEODE-3217ghsaWEB
lists.apache.org/thread/403xxbfrh4csyj1st7351g2dkm0hb91vghsaWEB
mail-archives.apache.org/mod_mbox/geode-user/201709.mbox/%3cCAEwge-FqzrT+deCkNkM-EQZuKfg-XuqY4cGjFiqxoKBVduY1Zw%40mail.gmail.com%3envd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000