Описание
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
Конфигурация 2
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6:*:*:*:*:*:*:*
Конфигурация 3Версия до 8.4.4 (исключая)
cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00089
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-304
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.5
redhat
больше 2 лет назад
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVSS3: 6.5
github
около 2 лет назад
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions
EPSS
Процентиль: 25%
0.00089
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-304
NVD-CWE-Other