A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:5170 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5310 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5337 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5446 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5479 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5480 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:6107 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:6112 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:7653 | Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2023-4853 | Mitigation Vendor Advisory |
https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 | Exploit Mitigation Technical Description Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2238034 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
History
21 Dec 2023, 01:02
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://access.redhat.com/errata/RHSA-2023:6107 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:6112 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7653 - Vendor Advisory | |
First Time |
Redhat enterprise Linux
Redhat openshift Container Platform Redhat jboss Middleware Text-only Advisories |
|
CPE | cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:* cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:* |
05 Dec 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Oct 2023, 01:23
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:openshift_serverless:1.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_middleware:1:*:*:*:*:*:*:* |
|
First Time |
Redhat jboss Middleware
|
|
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5446 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5479 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5480 - Vendor Advisory |
05 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Sep 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
25 Sep 2023, 16:14
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat integration Camel K
Redhat decision Manager Redhat build Of Quarkus Redhat process Automation Manager Redhat openshift Serverless Redhat integration Service Registry Quarkus quarkus Redhat build Of Optaplanner Redhat Quarkus Redhat integration Camel Quarkus |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 - Exploit, Mitigation, Technical Description, Vendor Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-4853 - Mitigation, Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5170 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5337 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5310 - Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2238034 - Issue Tracking, Vendor Advisory | |
CWE | CWE-863 | |
CPE | cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_quarkus:*:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:process_automation_manager:7.0:*:*:*:*:*:*:* cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_camel_k:*:*:*:*:*:*:*:* |
21 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2023, 10:48
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-20 10:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4853
Mitre link : CVE-2023-4853
CVE.ORG link : CVE-2023-4853
JSON object : View
Products Affected
redhat
- integration_camel_k
- enterprise_linux
- openshift_container_platform
- jboss_middleware_text-only_advisories
- process_automation_manager
- build_of_optaplanner
- decision_manager
- integration_service_registry
- openshift_serverless
- build_of_quarkus
- integration_camel_quarkus
- jboss_middleware
quarkus
- quarkus