PT-2023-25515 · Unknown · Infinispan

Dhananjay Arunesh

Published

2023-12-18

Updated

2024-09-16

CVE-2023-3629

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Infinispan (affected versions not specified)

Description A flaw was found in Infinispan's REST, where Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-304

Related Identifiers

CVE-2023-3629

GHSA-R4W2-HJMR-36M7

Affected Products

Infinispan

PT-2023-25515 · Unknown · Infinispan

CVE-2023-3629

Weakness Enumeration

Related Identifiers

Affected Products

References · 13