CVE-2023-3628 – org.infinispan:infinispan-server-rest
Package
Manager: maven
Name: org.infinispan:infinispan-server-rest
Vulnerable Version: >=15.0.0.dev01 <15.0.0.dev04 || >=0 <14.0.18.final
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00115 (percentile 0.30878)
Details
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions
A flaw was found in Infinispan's REST server: its bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Metadata
Created: 2023-12-30T00:30:23Z
Modified: 2024-11-18T16:26:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-fhr7-8jx4-r9cp/GHSA-fhr7-8jx4-r9cp.json
CWE IDs: ["CWE-304"]
Alternative ID: GHSA-fhr7-8jx4-r9cp
Finding: F006
Auto approve: 1