=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN697
_____________________________________________________________________

DATE                : 15/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Geode versions prior to
                     1.15.2.

=====================================================================
https://lists.apache.org/thread/161r34nokmcc0w74mnf04lskgb8g1d3g
_____________________________________________________________________

CVE-2024-44088: Apache Geode: Reflected XSS
Severity: moderate

Affected versions:

- Apache Geode (org.apache.geode:geode-web-api) 1.1.0 before 1.15.2


Description:

Malicious script injection ('Cross-site Scripting') vulnerability in
Apache Geode web-api (REST). This vulnerability allows an attacker
who tricks a logged-in user into clicking a specially crafted link
to execute script in the returned page, which could lead to theft of
the user's session information and even account takeover.


This issue affects Apache Geode: all versions prior to 1.15.2

Users are recommended to upgrade to version 1.15.2, which fixes the
issue.
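
The advisory does not publish the affected parameter, so the following is an
added illustration of the vulnerability class itself, not code from the
advisory or from the Apache Geode project. It shows the pattern behind a
reflected XSS (a request value echoed verbatim into an HTML response), the
hardened form (contextual HTML encoding before the value reaches the page),
and a small check that a defender can run over web-server access logs to
spot requests carrying raw markup. The endpoint path, parameter name and
log lines are constructed for the example; Python is used because it is
what the verifier runs, even though Geode itself is a Java project.

```python
"""Reflected XSS: vulnerable echo vs. encoded echo, plus a log check.

Added example, not part of the CERT-Renater advisory or of Apache Geode.
Endpoint paths, the 'name' parameter and the log lines are constructed.
"""
import html
import re
import urllib.parse
from typing import Dict, List


def parse_query(url: str) -> Dict[str, str]:
    """Return the query parameters of a URL, first value per key."""
    query = urllib.parse.urlsplit(url).query
    parsed = urllib.parse.parse_qs(query, keep_blank_values=True)
    return {key: values[0] for key, values in parsed.items()}


def render_unsafe(region: str) -> str:
    """Vulnerable pattern: the request value is concatenated into HTML as-is,
    so any markup the client sent becomes live markup in the response."""
    return f"<html><body><p>Region {region} not found</p></body></html>"


def render_safe(region: str) -> str:
    """Hardened pattern: HTML-encode the value for the element-text context
    it is placed in. '<', '>', '&', quotes are turned into entities."""
    safe = html.escape(region, quote=True)
    return f"<html><body><p>Region {safe} not found</p></body></html>"


def reflects_markup(rendered: str, untrusted: str) -> bool:
    """True when an untrusted value containing markup survives verbatim
    in the rendered page (the condition a reflected XSS needs)."""
    return "<" in untrusted and untrusted in rendered


# Common Log Format prefix: client, ident, user, [timestamp], "METHOD target HTTP/x"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3})'
)


def suspicious_requests(log_lines: List[str]) -> List[str]:
    """Return request targets whose decoded path or query contains raw
    angle brackets. Decodes twice so a double-encoded '%253C' is caught."""
    hits = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a request line; skip rather than guess
        target = match.group("target")
        decoded = urllib.parse.unquote_plus(urllib.parse.unquote_plus(target))
        if "<" in decoded or ">" in decoded:
            hits.append(target)
    return hits


# Constructed access-log sample: two ordinary requests and two carrying markup.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Oct/2025:10:01:02 +0200] "GET /api/v1/customers HTTP/1.1" 200 512',
    '10.0.0.7 - - [15/Oct/2025:10:01:09 +0200] "GET /api/v1/orders?limit=10 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [15/Oct/2025:10:02:31 +0200] "GET /api/v1/regions/%3Cb%3Ebold%3C%2Fb%3E HTTP/1.1" 404 310',
    '203.0.113.9 - - [15/Oct/2025:10:02:40 +0200] "GET /api/v1/regions?name=%253Cb%253E HTTP/1.1" 404 290',
]


if __name__ == "__main__":
    value = parse_query("http://example.test/api/v1/regions?name=<b>bold</b>")["name"]
    print("unsafe reflects markup:", reflects_markup(render_unsafe(value), value))
    print("safe reflects markup:  ", reflects_markup(render_safe(value), value))
    print("flagged requests:", suspicious_requests(SAMPLE_LOG))
```

The encoding in `render_safe` is specific to element-text context; a value
placed inside an attribute, a URL or a script block needs the encoder for
that context instead. The log check is a triage aid only: it surfaces
requests worth a look, it does not by itself establish exploitation.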


Credit:

Nbxiglk (finder)


References:

https://geode.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-44088


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================