Bug 552129 (CVE-2019-17631)

Summary: Dump creation
Product: [Technology] openj9
Reporter: Peter Shipton <Peter_Shipton>
Component: General
Assignee: Project Inbox <openj9-inbox>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: P3
CC: wayne.beaton
Version: unspecified
Keywords: security
Target Milestone: ---
Hardware: PC
OS: Windows 10
Whiteboard:

Description Peter Shipton CLA 2019-10-15 16:14:36 EDT

    
Comment 1 Peter Shipton CLA 2019-10-15 16:34:25 EDT
project: Eclipse OpenJ9
versions: 0.15 - 0.16

cwe: CWE-285
https://cwe.mitre.org/data/definitions/285.html
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

summary:
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file is permitted without any privilege checks.

Comment 2 Wayne Beaton CLA 2019-10-16 16:03:51 EDT
Uploaded to the central authority by pull request:

https://github.com/CVEProject/cvelist/pull/2656