Vulnerability Information
Vulnerability Title
Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system
Vulnerability Description
Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This issue affects Apache Geode: versions 1.10 through 1.15.1. Users are recommended to upgrade to version 1.15.2, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
Apache Geode Cross-Site Request Forgery Vulnerability
Vulnerability Description
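Apache Geode is a data management platform from the Apache Software Foundation (US) that provides real-time, consistent access to data for data-intensive applications in distributed cloud architectures. Apache Geode 1.15.1 and earlier versions contain a cross-site request forgery vulnerability. The vulnerability stems from GET requests to the Management and Monitoring REST API being susceptible to cross-site request forgery attacks, which may allow an attacker to submit malicious commands.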
CVSS Information
N/A
Vulnerability Type
N/A