CVE-2023-6393 Quarkus: potential invalid reuse of context when @cacheresult on a uni is used

🗓️ 06 Dec 2023 16:58:54Reported by redhatType

Potential security flaw in Quarkus @CacheResul

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-6393	30 Dec 202306:31	–	circl
CNNVD	Quarkus Security Vulnerabilities	6 Dec 202300:00	–	cnnvd
CVE	CVE-2023-6393	6 Dec 202316:58	–	cve
EUVD	EUVD-2023-3324	3 Oct 202520:07	–	euvd
Github Security Blog	Quarkus Cache Runtime exposes sensitive information to an unauthorized actor	6 Dec 202318:31	–	github
NVD	CVE-2023-6393	6 Dec 202317:15	–	nvd
OSV	GHSA-XFV5-JQGP-VQHJ Quarkus Cache Runtime exposes sensitive information to an unauthorized actor	6 Dec 202318:31	–	osv
Prion	Design/Logic Flaw	6 Dec 202317:15	–	prion
Positive Technologies	PT-2023-32637 · Unknown · Quarkus Cache Runtime	6 Dec 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-6393	6 Dec 202305:27	–	redhatcve

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus 2.13.9.Final",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.quarkus/quarkus-cache",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "2.13.9.Final-redhat-00002",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quarkus:2.13"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.quarkus/quarkus-cache",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:quarkus:3"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2023:7700
access	www.access.redhat.com/security/cve/CVE-2023-6393

20 Nov 2025 18:05Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.3

EPSS0.00631

CWE-200