CVE-2023-3628: Infispan: rest bulk ops don't check permissions
First published: Tue Jun 27 2023(Updated: )
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =6 | ||
| <8.4.4 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3628
- agent/softwarecombine
- agent/title
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/redhat
- canonical/redhat jboss data grid
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/6
- canonical/redhat data grid
- vendor/infinispan
- canonical/infinispan infinispan