Incorrect Authorization

2024-04-0205:59:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

quarkus

vulnerability

authorization

request validation

security bypass

denial of service

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

70.4%

JSON

quarkus is vulnerable to Incorrect Authorization. The vulnerability is due to improper sanitization or validation for certain character permutations when accepting requests. This potentially can leads to improper evaluation of permissions, resulting in security bypass or Denial of Service.