High severityNVD Advisory· Published Mar 16, 2020· Updated Aug 4, 2024
CVE-2019-10091
CVE-2019-10091
Description
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.geode:geode-coreMaven | < 1.10.0 | 1.10.0 |
Affected products
2- Apache/Apache Geodedescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-wc4x-4gm2-74j8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10091ghsaADVISORY
- cwiki.apache.org/confluence/display/GEODE/Release+NotesghsaWEB
- github.com/apache/geode/commit/e57028fd62a2f5980ea6c9a7ab89ada06c828634ghsaWEB
- github.com/apache/geode/pull/3849ghsaWEB
- issues.apache.org/jira/browse/GEODE-7018ghsaWEB
- lists.apache.org/thread.html/r3342077ac4798631300366be86e545d0c08753cca8fd2663867fe200%40%3Cdev.geode.apache.org%3Eghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.