22 matches found
RHEL 8 : Release of OpenShift Serverless Client kn 1.30.1 (RHSA-2023:5479)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5479 advisory. Red Hat OpenShift Serverless Client kn 1.30.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.30.1. The kn CLI is delivered as an RPM...
Security Bulletin: IBM Event Processing is vulnerable to a denial of service
Summary Operator of IBM Event Processing is vulnerable to an unauthorized endpoint access and possibly a denial of service. CVE-2023-4853 Vulnerability Details CVEID: CVE-2023-4853 DESCRIPTION: Quarkus could allow a remote attacker to bypass security restrictions, caused by improper sanitization ...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service
Summary Operator of IBM Event Endpoint Management is vulnerable to an unauthorized endpoint access and possibly a denial of service. CVE-2023-4853 Vulnerability Details CVEID: CVE-2023-4853 DESCRIPTION: Quarkus could allow a remote attacker to bypass security restrictions, caused by improper...
Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security one-off update
A one-off update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which provides a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: Updated Kogito for Red Hat Process Automation Manager 7.13.4 SP1 Images
A Kogito update is now available for Red Hat Process Automation Manager, including images for Red Hat OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
Important: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.1 security update
Red Hat OpenShift Serverless 1.30.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
Important: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.30.0 SP1 security update
Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Build of OptaPlanner 8.38.0 SP1
Red Hat build of OptaPlanner 8.38.0 for Quarkus 2.13.8 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scori...
Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.2 release security update
Red Hat Integration Camel K 1.10.2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2023-4853
creationtimestamp| type| source ---|---|--- 2023-09-20 14:30:08+00:00| seen| https://t.me/cibsecurity/70793...
io.quarkiverse.renarde:quarkus-renarde (=3.0.4), io.quarkiverse.renarde:quarkus-renarde-backoffice (=3.0.4) +11 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=3.3.0 <=3.3.2)
io.quarkus:quarkus-csrf-reactive MAVEN version =3.3.0, =3.3.0, =3.3.2 Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
io.quarkus:quarkus-csrf-reactive-deployment (>=2.13.0.CR1 <=2.16.10.Final) potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=2.13.0.CR1 <=2.16.10.Final)
io.quarkus:quarkus-csrf-reactive MAVEN version =2.13.0.CR1, =2.13.0.CR1, =2.16.10.Final Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
com.abavilla:fpi-bot-api (>=1.8.1 <=1.8.3), com.abavilla:fpi-bot-api-parent (>=1.8.1 <=1.8.3) +17 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-keycloak-authorization (>=3.3.0 <=3.3.2)
io.quarkus:quarkus-keycloak-authorization MAVEN version =3.3.0, =1.8.1, =1.8.1, =1.8.6, =1.8.6, =1.9.0, =1.9.0, =1.10.1, =1.10.1, =1.0.29, =1.0.29, =1.6.1, =1.6.1, =1.5.1, =1.5.1, =1.3.8, =1.3.10 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
com.abavilla:fpi-bot-api (>=1.6.0 <=1.8.0), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.8.0) +18 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-keycloak-authorization (>=3.0.0.Alpha1 <=3.2.5.Final)
io.quarkus:quarkus-keycloak-authorization MAVEN version =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.7 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
io.quarkiverse.renarde:quarkus-renarde (=3.0.3), io.quarkiverse.renarde:quarkus-renarde-backoffice (=3.0.3) +10 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-csrf-reactive (>=3.0.0.Alpha1 <=3.2.5.Final)
io.quarkus:quarkus-csrf-reactive MAVEN version =3.0.0.Alpha1, =3.0.0.Alpha1, =3.2.12.Final Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
com.github.mcollovati:quarkus-hilla (>=2.0.0 <=2.0.1), com.github.mcollovati:quarkus-hilla-deployment (>=2.0.0 <=2.0.1) +8 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-undertow (>=3.3.0 <=3.3.2)
io.quarkus:quarkus-undertow MAVEN version =3.3.0, =2.0.0, =2.0.0, =3.3.0, =3.3.0, =3.3.0, =3.3.2 Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
com.github.fmcejudo:quarkus-eureka (>=1.0.0 <=1.2.0), com.github.fmcejudo:quarkus-eureka-deployment (>=1.0.0 <=1.2.0) +72 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-undertow (>=3.0.0.Alpha1 <=3.2.5.Final)
io.quarkus:quarkus-undertow MAVEN version =3.0.0.Alpha1, =1.0.0, =1.0.0, =2.0.0-alpha1, =24.4.0, =24.4.0, =2.0.0-alpha1, =24.4.0, =24.4.0, =1.0.0, =2.0.0, =2.0.0, =24.0.0, =24.8.3, =9.2.3, =0.23.0, =0.24.5 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (=1.2.0), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (=1.2.0) +240 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-vertx-http (>=3.3.0 <=3.3.2)
io.quarkus:quarkus-vertx-http MAVEN version =3.3.0, =0.0.10, =1.8.1, =1.8.1, =1.8.6, =1.8.6, =1.9.0, =1.9.0, =1.10.1, =1.10.1, =1.10.3 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
com.abavilla:fpi-bot-api (>=1.0.2 <=1.5.0), com.abavilla:fpi-bot-api-core (>=1.0.2 <=1.3.1) +38 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-keycloak-authorization (>=0.27.0 <=2.16.10.Final)
io.quarkus:quarkus-keycloak-authorization MAVEN version =0.27.0, =1.0.2, =1.0.2, =1.0.2, =1.3.2, =1.0.132, =1.0.132, =1.0.133, =1.0.42, =1.0.42, =1.0.42, =1.3.2, =1.0.22, =1.0.22, =1.0.22, =1.3.3, =1.7.1 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
CVE-2023-4853
CVE-2023-4853 affects Quarkus, where HTTP security policy sanitization fails for certain character permutations in requests. The root cause is improper sanitization, allowing bypass of the security policy and potentially granting unauthorized access to endpoints and causing denial of service. The...