Description
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to notify users about new project releases that include additional functionality, bug fixes and performance improvements. To do that, the component communicates with an external PHP server (http://ignite.run), to which it needs to send some system properties such as the Apache Ignite or Java version. Some of these properties might contain sensitive user information.
References (2)
http://www.securityfocus.com/bid/99292 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html (Mitigation, Third Party Advisory; x_refsource_confirm)
Scores
CVSS v3: 7.5
EPSS: 0.0117
EPSS Percentile: 78.9%
Attack Vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (13)
apache/ignite 1.0.0 (2 CPE variants)
apache/ignite 1.1.0
apache/ignite 1.2.0
apache/ignite 1.3.0
apache/ignite 1.4.0
apache/ignite 1.5.0 b1 (2 CPE variants)
apache/ignite 1.6.0
apache/ignite 1.7.0
apache/ignite 1.8.0
apache/ignite 1.9.0
... and 3 more
Published: Jun 28, 2017
Tracked Since: Feb 18, 2026