Re: [DISCUSS] security threats (was Re: [CVE-2017-5649] Apache Geode information disclosure vulnerability)

2017-04-05 Thread William Markito Oliveira
bug require a CVE and disclosure?
> - How do we know how severe a security issue is?
> - How soon do we need to respond to a security issue?
>
> Anthony
>
>> On Apr 4, 2017, at 7:31 AM, Anthony Baker wrote:
>>
>> CVE-2017-5649: Apache Geode information disclosure v

[DISCUSS] security threats (was Re: [CVE-2017-5649] Apache Geode information disclosure vulnerability)

2017-04-05 Thread Anthony Baker
:
- When is a bug a security bug?
- When does a bug require a CVE and disclosure?
- How do we know how severe a security issue is?
- How soon do we need to respond to a security issue?

Anthony

> On Apr 4, 2017, at 7:31 AM, Anthony Baker wrote:
>
> CVE-2017-5649: Apache Geode in

[CVE-2017-5649] Apache Geode information disclosure vulnerability

2017-04-04 Thread Anthony Baker
CVE-2017-5649: Apache Geode information disclosure vulnerability

Severity: Medium
Base score: 5.5 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L)
Vendor: The Apache Software Foundation
Versions Affected: Geode 1.1.0
Description: When a cluster has enabled security by setting the security