Описание
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
Уязвимые конфигурации
Конфигурация 1Версия до 8.4.4 (исключая)
cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
Конфигурация 3
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:*
EPSS
Процентиль: 28%
0.00102
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-304
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.3
redhat
больше 2 лет назад
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVSS3: 6.5
github
около 2 лет назад
Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
EPSS
Процентиль: 28%
0.00102
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-304
NVD-CWE-Other