PT-2023-25515 · Unknown · Infinispan
Dhananjay Arunesh
·
Publicado
2023-12-18
·
Atualizado
2024-09-16
·
CVE-2023-3629
CVSS v4.0
7.1
Alta
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Infinispan (affected versions not specified)
Description
A flaw was found in Infinispan's REST, where Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Infinispan