Description
A flaw was found in Infinispan's REST cache retrieval endpoints, which do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6 | infinispan | Out of support scope | | |
| Red Hat Data Grid 8.4.4 | infinispan | Fixed | RHSA-2023:5396 | 28.09.2023 |
Additional information
Status:
Moderate
Defect:
CWE-304
https://bugzilla.redhat.com/show_bug.cgi?id=2217926 infinispan: Non-admins should not be able to get cache config via REST API
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.3
nvd
about 2 years ago
A flaw was found in Infinispan's REST cache retrieval endpoints, which do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVSS3: 6.5
github
about 2 years ago
Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions