CVE-2023-3629 – org.infinispan:infinispan-server-rest
Package
Manager: maven
Name: org.infinispan:infinispan-server-rest
Vulnerable Version: >=15.0.0.dev01 <15.0.0.dev04 || >=0 <14.0.18.final
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00078 (percentile 0.23954)
Details
Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
A flaw was found in Infinispan's REST server: cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Metadata
Created: 2023-12-30T00:30:23Z
Modified: 2024-11-18T16:26:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-r4w2-hjmr-36m7/GHSA-r4w2-hjmr-36m7.json
CWE IDs: ["CWE-304"]
Alternative ID: GHSA-r4w2-hjmr-36m7
Finding: F006
Auto approve: 1