CVE-2023-3628

Infispan: rest bulk ops don't check permissions

CVSS 6.5 MEDIUMEPSS 0.6%CWE-304

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Productos afectados

Red Hat · Red Hat Data Grid 8.4.4 Red Hat · Red Hat JBoss Enterprise Application Platform 6

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2023:5396 https://access.redhat.com/security/cve/CVE-2023-3628 https://bugzilla.redhat.com/show_bug.cgi?id=2217924 https://security.netapp.com/advisory/ntap-20240125-0004/