Lucene search

[email protected]NVD:CVE-2023-0044

HistoryFeb 23, 2023 - 8:15 p.m.

CVE-2023-0044

2023-02-2320:15:12

CWE-79

[email protected]

web.nvd.nist.gov

quarkus

form authentication

path attribute

vulnerability

information disclosure

csrf prevention

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.7%

JSON

If the Quarkus Form Authentication session cookie Path attribute is set to / then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

Affected configurations

NVD

Node

quarkusquarkusRange<2.13.7

Node

redhatbuild_of_quarkusMatch-

References

access.redhat.com/security/cve/CVE-2023-0044

bugzilla.redhat.com/show_bug.cgi?id=2158081

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.7%

JSON

Related for NVD:CVE-2023-0044

veracode1 osv2 redhatcve1 prion1 github1 cve1 cvelist1 redhat2 ibm1