Description
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6 | infinispan | Out of support scope | | |
| Red Hat Data Grid 8.4.4 | infinispan | Fixed | RHSA-2023:5396 | 28.09.2023 |
Additional information
Status: Moderate
Defect: CWE-304
https://bugzilla.redhat.com/show_bug.cgi?id=2217924 infinispan: REST bulk ops don't check permissions
CVSS3: 6.5 Medium
Related vulnerabilities
CVSS3: 6.5
nvd
about 2 years ago
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVSS3: 6.5
github
about 2 years ago
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions