Bug 552129 (CVE-2019-17631) - Dump creation
Summary: Dump creation
Status: RESOLVED FIXED
Alias: CVE-2019-17631
Product: openj9
Classification: Technology
Component: General
Version: unspecified
Hardware: PC Windows 10
Importance: P3 normal
Target Milestone: ---
Assignee: Project Inbox CLA
Keywords: security
Reported: 2019-10-15 16:14 EDT by Peter Shipton CLA
Modified: 2019-10-16 16:03 EDT

Description Peter Shipton CLA 2019-10-15 16:14:36 EDT

    
Comment 1 Peter Shipton CLA 2019-10-15 16:34:25 EDT
project: Eclipse OpenJ9
versions: 0.15 - 0.16

cwe: CWE-285
https://cwe.mitre.org/data/definitions/285.html
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

summary:
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file is permitted without any privilege checks.

Comment 2 Wayne Beaton CLA 2019-10-16 16:03:51 EDT
Uploaded to the central authority by pull request:

https://github.com/CVEProject/cvelist/pull/2656