4 matches found
CVE-2023-5236
Summary (based on provided sources): CVE-2023-5236 affects Infinispan and is caused by failing to detect circular object references during unmarshalling, enabling a remote-authenticated attacker to insert a crafted object into the cache to trigger out-of-memory conditions and a denial of service....
CVE-2023-3628
CVE-2023-3628 affects Infinispan REST: bulk read endpoints fail to properly enforce user permissions, potentially allowing an authenticated user to access data outside their intended scope. The condition is documented across multiple sources (GHSA-FHR7-8JX4-R9CP, NVD/NVD-linked CVE, and Red Hat a...
CVE-2023-3629
CVE-2023-3629 concerns Infinispan REST: cache retrieval endpoints fail to properly enforce admin permissions, potentially allowing an authenticated user to access data outside their intended permissions. The description in multiple sources confirms an information exposure risk without admin autho...
CVE-2023-5384
CVE-2023-5384 affects Infinispan: when serializing a cache configuration to XML/JSON/YAML that contains credentials (e.g., JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. This exposes sensitive data if the configuration i...