exploitDog

GHSA-fhr7-8jx4-r9cp

Published: 30 Dec 2023
Source: github
Github: Reviewed
CVSS4: 7.1
CVSS3: 6.5

Description

Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Packages

Name: org.infinispan:infinispan-server-rest (maven)
Affected versions: >= 15.0.0.Dev01, < 15.0.0.Dev04
Fixed version: 15.0.0.Dev04

Name: org.infinispan:infinispan-server-rest (maven)
Affected versions: < 14.0.18.Final
Fixed version: 14.0.18.Final

EPSS

Percentile: 25%
0.00089
Low

7.1 High

CVSS4

6.5 Medium

CVSS3

Weaknesses

CWE-304

Related vulnerabilities

CVSS3: 6.5
redhat
more than 2 years ago

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

CVSS3: 6.5
nvd
about 2 years ago

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
