PT-2023-25509 · Unknown · Infinispan

Dhananjay Arunesh

Publicado

2023-12-18

Atualizado

2024-09-16

CVE-2023-3628

CVSS v4.0

7.1

Alta

Vetor

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Infinispan (affected versions not specified)

Description A flaw was found in Infinispan's REST, where bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-304

Identificadores relacionados

CVE-2023-3628

GHSA-FHR7-8JX4-R9CP

Produtos afetados

Infinispan

PT-2023-25509 · Unknown · Infinispan

CVE-2023-3628

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13