PRIOn knowledge base: PRION:CVE-2023-6267
History: Jan 25, 2024 - 7:15 p.m.

Design/Logic Flaw

2024-01-25 19:15:00
PRIOn knowledge base
www.prio-n.com
flaw
json payload
annotation based security
rest resource
deserialization
security constraints
configuration based security

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.001 Low (Percentile: 29.8%)

A flaw was found in the JSON payload. If annotation-based security is used to secure a REST resource, the JSON body that the resource may consume is processed (deserialized) before the security constraints are evaluated and applied. This does not happen with configuration-based security.
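The ordering problem described above can be turned into a regression check: count how often the body reader runs for a caller who ends up rejected. The following is an added example, a constructed model and not the affected product's code; `roles_allowed`, `handle`, `CountingReader`, the `/settings` route and the sample body are all hypothetical names chosen for illustration.

```python
import json

class CountingReader:
    """Stand-in for a JSON body reader; counts parses of untrusted input."""
    def __init__(self):
        self.calls = 0
    def read(self, raw):
        self.calls += 1
        return json.loads(raw)

def roles_allowed(*roles):
    """Annotation-style constraint: metadata attached to the handler itself."""
    def mark(fn):
        fn.required_roles = frozenset(roles)
        return fn
    return mark

@roles_allowed("admin")
def update_settings(body):
    return {"updated": sorted(body)}

ROUTES = {"/settings": update_settings}  # hypothetical route table

def permitted(required, caller_roles):
    return not required or bool(set(required) & set(caller_roles))

def handle(path, raw, caller_roles, reader, path_policy=None, annotations_first=False):
    handler = ROUTES[path]
    annotated = getattr(handler, "required_roles", frozenset())
    # Configuration-based constraint: matched on the path, before the body is read.
    if not permitted((path_policy or {}).get(path), caller_roles):
        return 403
    # Corrected ordering: the annotation is evaluated before deserialization.
    if annotations_first and not permitted(annotated, caller_roles):
        return 403
    body = reader.read(raw)  # untrusted JSON is parsed here
    # Flawed ordering: the annotation is evaluated only after the body was parsed.
    if not permitted(annotated, caller_roles):
        return 403
    handler(body)
    return 200

def parses_for_rejected_caller(**kwargs):
    """Return (status, deserializer calls) for a constructed request with no roles."""
    reader = CountingReader()
    status = handle("/settings", b'{"theme": "dark"}', [], reader, **kwargs)
    return status, reader.calls
```

In all three configurations the rejected caller receives 403, so the response code alone does not reveal the flaw; only the reader call count distinguishes the flawed ordering from the other two.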
