← volver
CVE-2023-3629

Infinispan: non-admins should not be able to get cache config via rest api

CVSS 4.3 MEDIUMEPSS 0.6%CWE-304
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Red Hat · Red Hat Data Grid 8.4.4Red Hat · Red Hat JBoss Enterprise Application Platform 6

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2023:5396https://access.redhat.com/security/cve/CVE-2023-3629https://bugzilla.redhat.com/show_bug.cgi?id=2217926https://security.netapp.com/advisory/ntap-20240125-0004/