Summary: | Dump creation | ||
---|---|---|---|
Product: | [Technology] openj9 | Reporter: | Peter Shipton <Peter_Shipton> |
Component: | General | Assignee: | Project Inbox <openj9-inbox> |
Status: | RESOLVED FIXED | QA Contact: | |
Severity: | normal | ||
Priority: | P3 | CC: | wayne.beaton |
Version: | unspecified | Keywords: | security |
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Windows 10 | ||
Whiteboard: |
Description
Peter Shipton
2019-10-15 16:14:36 EDT
project: Eclipse OpenJ9 versions: 0.15 - 0.16 cwe: CWE-285 https://cwe.mitre.org/data/definitions/285.html The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. summary: From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. Uploaded to the central authority by pull request: https://github.com/CVEProject/cvelist/pull/2656 |