A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.
[
{
"product": "Infinispan",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Infinispan 11.0.0"
}
]
}
]