Description
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.
Affected products
- Apache Software Foundation / Apache Geode1.0.0 to 1.2.1 – 1.0.0 to 1.2.1