CVE-2016-9885 gfsh exposed over go router for GemFire for PCF
Severity
Critical
Vendor
Pivotal
Description
The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service or loss of data confidentiality, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.
Affected VMware Products and Versions
Severity is critical unless otherwise noted.
- GemFire for PCF:
  - 1.6.x versions prior to 1.6.5
  - 1.7.x versions prior to 1.7.1
Mitigation
Users of affected versions should apply the following mitigation:
- Upgrade GemFire for PCF:
  - 1.6.x versions to 1.6.5 or later
  - 1.7.x versions to 1.7.1 or later
- After upgrading, we recommend connecting to gfsh from a jumpbox inside your network. Refer to the GemFire documentation for more information.
- Use a load balancer in front of the gorouter to limit access to the gfsh endpoint, such as in the reference architecture provided here.
Credit
This issue was responsibly reported by the GemFire for PCF team.
History
2017-01-04: Initial vulnerability report published