CVE-2023-3628

CWE-3045 documents5 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 74.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat Data GridRedhat Jboss Enterprise Application Platform
Timeline
PublishedDec 18
Latest updateDec 30

Description

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Mavenorg.infinispan:infinispan-server-rest15.0.0.Dev0115.0.0.Dev04+1
NVDredhat/data_grid< 8.4.4

🔴Vulnerability Details

3
OSV
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions2023-12-30
GHSA
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions2023-12-30
CVEList
Infispan: rest bulk ops don't check permissions2023-12-18

📋Vendor Advisories

1
Red Hat
infispan: REST bulk ops don't check permissions2023-09-21
CVE-2023-3628 (MEDIUM CVSS 6.5) | A flaw was found in Infinispan's RE | cvebase.io