Description
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
Statement
CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat CodeReady Studio 12 | quarkus | Out of support scope | | |
| Red Hat Integration Camel K 1 | quarkus | Affected | | |
| Red Hat build of Quarkus 2.7.5 | quarkus | Fixed | RHSA-2022:4623 | 18.05.2022 |
| RHINT Camel-Q 2.7 | quarkus | Fixed | RHSA-2022:5606 | 19.07.2022 |
| RHINT Service Registry 2.3.0 GA | quarkus | Fixed | RHSA-2022:6835 | 06.10.2022 |
Additional information
Status:
EPSS
CVSS3: 7.6 High