CVE-2023-3629

🗓️ 18 Dec 2023 13:43:07Reported by redhatType

Flaw in Infinispan's REST, Cache retrieval endpoints allowing unauthorized access

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2023-3629	18 Dec 202314:15	–	attackerkb
Chainguard	CVE-2023-3629 vulnerabilities	7 Jan 202601:29	–	cgr
Circl	CVE-2023-3629	30 Aug 202505:19	–	circl
CNNVD	Red Hat Infinispan Security Vulnerability	21 Sep 202300:00	–	cnnvd
Cvelist	CVE-2023-3629 Infinispan: non-admins should not be able to get cache config via rest api	18 Dec 202313:43	–	cvelist
EUVD	EUVD-2023-3281	3 Oct 202520:07	–	euvd
Github Security Blog	Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions	30 Dec 202300:30	–	github
NVD	CVE-2023-3629	18 Dec 202314:15	–	nvd
OSV	CGA-2PPX-7659-Q28X	29 Jan 202600:41	–	osv
OSV	CVE-2023-3629	18 Dec 202314:15	–	osv

NVD

Node

redhat data_gridRange<8.4.4

Node

redhat jboss_data_gridMatch-text-only

Node

redhat jboss_enterprise_application_platformMatch6

Node

infinispan infinispanMatch-

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Data Grid 8.4.4",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "defaultStatus": "unaffected",
    "packageName": "infinispan",
    "cpes": [
      "cpe:/a:redhat:jboss_data_grid:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 6",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "infinispan",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:6"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2023-3629
access	www.access.redhat.com/errata/RHSA-2023:5396
security	www.security.netapp.com/advisory/ntap-20240125-0004/

07 Nov 2025 10:41Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.14.3 - 6.5

EPSS0.00102

SSVC

CWE-304