CVE-2020-25711 - AskarLabs CVE Database

CVE-2020-25711

Vendor N/A

Product infinispan

Weakness CWE-862 · Missing authorization

Published December 3, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.

Key dates

02Disclosure timeline

December 3, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-25711

Related vulnerabilities

04Related CVE

CVE-2024-1937 Brizy – Page Builder <= 2.4.44 - Missing Authorization to Authenticated (Contributor+) Post Modification CVE-2026-33357 Meari OpenAPI device status IDOR CVE-2026-3208 Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure CVE-2023-40679 WordPress Master Elementor Addons plugin <= 2.0.5.3 - Broken Access Control vulnerability CVE-2023-2783 App Framework does not checks for the secret provided in the incoming webhook request