Description
If the Quarkus Form Authentication session cookie Path attribute is set to `/`, then a cross-site attack may be initiated, which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
A flaw was found in Quarkus. If the Quarkus Form Authentication session cookie Path attribute is set to /, then a cross-site attack may be initiated, which might lead to information disclosure.
Mitigation
This attack can be prevented with the Quarkus CSRF Prevention feature.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | quarkus-vertx-http | Not affected | ||
| Red Hat build of Apicurio Registry 2 | quarkus-vertx-http | Not affected | ||
| Red Hat build of Debezium 1 | quarkus-vertx-http | Not affected | ||
| Red Hat build of Quarkus | io.quarkus/quarkus-vertx-http | Not affected | ||
| Red Hat Fuse 7 | quarkus-vertx-http | Not affected | ||
| Red Hat Integration Camel K 1 | quarkus-vertx-http | Not affected | ||
| Red Hat Integration Camel Quarkus 1 | quarkus-vertx-http | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | quarkus-vertx-http | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | quarkus-vertx-http | Not affected | ||
| Red Hat Process Automation 7 | quarkus-vertx-http | Not affected | ||
Additional information
Status:
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
If the Quarkus Form Authentication session cookie Path attribute is set to `/`, then a cross-site attack may be initiated, which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
Vulnerability in the Form Authentication component of the Quarkus Java framework that allows an attacker to conduct a cross-site scripting (XSS) attack
EPSS
5.3 Medium
CVSS3