A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:5396 | Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2023-3629 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2217926 | Issue Tracking |
https://security.netapp.com/advisory/ntap-20240125-0004/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
25 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Dec 2023, 22:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | NVD-CWE-Other | |
References | () https://access.redhat.com/security/cve/CVE-2023-3629 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2023:5396 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2217926 - Issue Tracking | |
CPE | cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:6:*:*:*:*:*:*:* cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:* |
18 Dec 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-18 14:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-3629
Mitre link : CVE-2023-3629
CVE.ORG link : CVE-2023-3629
JSON object : View
Products Affected
infinispan
- infinispan
redhat
- jboss_data_grid
- data_grid
- jboss_enterprise_application_platform
CWE