CVE-2023-6267

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:2.13.9:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.2.9:-:*:*:*:*:*:*

History

17 Feb 2024, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0495 -
  • () https://access.redhat.com/errata/RHSA-2024:0494 -

31 Jan 2024, 17:17

Type Values Removed Values Added
CPE cpe:2.3:a:quarkus:quarkus:2.13.9:-:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:3.2.9:-:*:*:*:*:*:*
References () https://bugzilla.redhat.com/show_bug.cgi?id=2251155 - () https://bugzilla.redhat.com/show_bug.cgi?id=2251155 - Issue Tracking, Vendor Advisory
References () https://access.redhat.com/security/cve/CVE-2023-6267 - () https://access.redhat.com/security/cve/CVE-2023-6267 - Vendor Advisory
CWE CWE-755
First Time Quarkus quarkus
Quarkus
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

25 Jan 2024, 19:28

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-25 19:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-6267

Mitre link : CVE-2023-6267

CVE.ORG link : CVE-2023-6267


JSON object : View

Products Affected

quarkus

  • quarkus
CWE
CWE-755

Improper Handling of Exceptional Conditions

CWE-280

Improper Handling of Insufficient Permissions or Privileges