CVE-2023-3629

{"id": "CVE-2023-3629", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-12-18T14:15:08.557", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:5396", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-3629", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217926", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-304"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en REST de Infinispan: los endpoints de recuperaci\u00f3n de cach\u00e9 no eval\u00faan adecuadamente los permisos de administrador necesarios para la operaci\u00f3n. Este problema podr\u00eda permitir que un usuario autenticado acceda a informaci\u00f3n fuera de sus permisos previstos."}], "lastModified": "2024-09-16T14:15:11.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6401304-B700-4F69-9385-66B7398C55D8", "versionEndExcluding": "8.4.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*", "vulnerable": true, "matchCriteriaId": "2BF03A52-4068-47EA-8846-1E5FB708CE1A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68E89E9D-88CA-4BCC-8871-EF4AF913D871"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6718434-9048-42D0-8E70-40531CA83A16"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}