A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:5396 | Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2023-3629 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2217926 | Issue Tracking |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
16 Sep 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Dec 2023, 22:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2217926 - Issue Tracking | |
References | () https://access.redhat.com/security/cve/CVE-2023-3629 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:5396 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:redhat:jboss_enterprise_application_platform:6:*:*:*:*:*:*:* cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:* |
|
First Time |
Redhat jboss Enterprise Application Platform
Infinispan infinispan Redhat data Grid Redhat Redhat jboss Data Grid Infinispan |
18 Dec 2023, 15:04
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-18 14:15
Updated : 2024-09-16 14:15
NVD link : CVE-2023-3629
Mitre link : CVE-2023-3629
CVE.ORG link : CVE-2023-3629
JSON object : View
Products Affected
infinispan
- infinispan
redhat
- jboss_data_grid
- data_grid
- jboss_enterprise_application_platform
CWE