CVE-2023-6267

🗓️ 25 Jan 2024 18:12:44Reported by redhatType

Flaw in JSON payload processing, affects annotation based security for REST resources. Configuration based security not affected.

Reporter	Title	Published	Views	Family All 18
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for February 2023.	7 Mar 202409:24	–	ibm
Circl	CVE-2023-6267	25 Jan 202419:31	–	circl
CNNVD	Quarkus Security Vulnerabilities	25 Jan 202400:00	–	cnnvd
Cvelist	CVE-2023-6267 Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.	25 Jan 202418:12	–	cvelist
EUVD	EUVD-2024-0298	3 Oct 202520:07	–	euvd
Github Security Blog	Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability	25 Jan 202421:32	–	github
NVD	CVE-2023-6267	25 Jan 202419:15	–	nvd
OSV	CVE-2023-6267	25 Jan 202419:15	–	osv
OSV	GHSA-8J3X-W35R-RW4R Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability	25 Jan 202421:32	–	osv
Prion	Design/Logic Flaw	25 Jan 202419:15	–	prion

NVD

Node

quarkus quarkusRange<2.13.9

quarkus quarkusRange3.0.0–3.2.9

quarkus quarkusMatch2.13.9-

quarkus quarkusMatch3.2.9-

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus 2.13.9.Final",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.quarkus/quarkus-resteasy",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.13.9.Final-redhat-00003",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quarkus:2.13"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus 3.2.9.Final",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.quarkus/quarkus-resteasy",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.2.9.Final-redhat-00003",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quarkus:3.2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of OptaPlanner 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "quarkus-resteasy-reactive",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:optaplanner:::el6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Fuse 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "resteasy",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_fuse:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Integration Camel K 1",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "resteasy-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:integration:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Integration Camel Quarkus 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "quarkus-resteasy-reactive",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:camel_quarkus:2"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2023-6267
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2024:0495
access	www.access.redhat.com/errata/RHSA-2024:0494

20 Nov 2025 07:08Current

9.2High risk

Vulners AI Score9.2

CVSS 3.18.6 - 9.8

EPSS0.00673

SSVC

CWE-755