A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:5170 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5310 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5337 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5446 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5479 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5480 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:6107 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:6112 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:7653 | Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2023-4853 | Mitigation Vendor Advisory |
https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 | Exploit Mitigation Technical Description Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2238034 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
History
21 Dec 2023, 01:02
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux
Redhat openshift Container Platform Redhat jboss Middleware Text-only Advisories |
|
CPE | cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:* cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:* |
|
References | (MISC) https://access.redhat.com/errata/RHSA-2023:6107 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:6112 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:7653 - Vendor Advisory |
05 Dec 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Oct 2023, 01:23
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:openshift_serverless:1.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_middleware:1:*:*:*:*:*:*:* |
|
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5446 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5479 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5480 - Vendor Advisory | |
First Time |
Redhat jboss Middleware
|
05 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Sep 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
25 Sep 2023, 16:14
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 - Exploit, Mitigation, Technical Description, Vendor Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-4853 - Mitigation, Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5170 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5337 - Vendor Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:5310 - Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2238034 - Issue Tracking, Vendor Advisory | |
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Redhat integration Camel K
Redhat decision Manager Redhat build Of Quarkus Redhat process Automation Manager Redhat openshift Serverless Redhat integration Service Registry Quarkus quarkus Redhat build Of Optaplanner Redhat Quarkus Redhat integration Camel Quarkus |
|
CPE | cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_quarkus:*:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:process_automation_manager:7.0:*:*:*:*:*:*:* cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_camel_k:*:*:*:*:*:*:*:* |
21 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2023, 10:48
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-20 10:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4853
Mitre link : CVE-2023-4853
CVE.ORG link : CVE-2023-4853
JSON object : View
Products Affected
quarkus
- quarkus
redhat
- decision_manager
- jboss_middleware
- process_automation_manager
- enterprise_linux
- build_of_optaplanner
- integration_camel_k
- openshift_serverless
- integration_service_registry
- build_of_quarkus
- jboss_middleware_text-only_advisories
- integration_camel_quarkus
- openshift_container_platform