CVE-2023-6393

Name of the Vulnerable Software and Affected Versions Quarkus Cache Runtime (affected versions not specified)

Description A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.