CVE-2023-6267

Опубликовано: 25 янв. 2024

Источник: nvd

CVSS3: 8.6

CVSS3: 9.8

EPSS Низкий

Описание

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.

Ссылки

https://access.redhat.com/errata/RHSA-2024:0494
https://access.redhat.com/errata/RHSA-2024:0495
https://access.redhat.com/security/cve/CVE-2023-6267
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2251155
Issue Tracking
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0494
https://access.redhat.com/errata/RHSA-2024:0495
https://access.redhat.com/security/cve/CVE-2023-6267
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2251155
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

Версия до 2.13.9 (исключая)

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.2.9 (исключая)

cpe:2.3:a:quarkus:quarkus:2.13.9:-:*:*:*:*:*:*

cpe:2.3:a:quarkus:quarkus:3.2.9:-:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00601

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-755

Связанные уязвимости

CVE-2023-6267

CVSS3: 8.6

redhat

около 2 лет назад

GHSA-8j3x-w35r-rw4r

CVSS3: 8.6

github

около 2 лет назад

Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability

EPSS

Процентиль: 69%

0.00601

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-755