Lucene search
RedhatCVELIST:CVE-2023-3628HistoryDec 18, 2023 - 1:43 p.m.
CVE-2023-3628 Infispan: rest bulk ops don't check permissions
2023-12-1813:43:07
CWE-304
redhat
www.cve.org
5
cve-2023-3628
infinispan
rest
permission
unauthorized access
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
24.4%
A flaw was found in Infinispan’s REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Data Grid 8.4.4",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected",
"packageName": "infinispan",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "infinispan",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
}
]Related
cve
cve
CVE-2023-3628
2023-12-18 14:15:08
prion
prion
Design/Logic Flaw
2023-12-18 14:15:00
redhatcve
redhatcve
CVE-2023-3628
2023-09-21 16:54:34
nvd
nvd
CVE-2023-3628
2023-12-18 14:15:08
github
github
redhat
redhat
(RHSA-2023:5396) Moderate: Red Hat Data Grid 8.4.4 security update
2023-09-28 11:54:13
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
24.4%
Related for CVELIST:CVE-2023-3628