CVE-2023-3629
MEDIUM6.5EPSS 0.10%Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
發布日:2023/12/30修改日:2026/2/4
描述
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
受影響套件(1)
- Maven/org.infinispan:infinispan-server-rest>= 15.0.0.Dev01, < 15.0.0.Dev04
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-3629
- PATCHhttps://github.com/infinispan/infinispan
- WEBhttps://access.redhat.com/errata/RHSA-2023:5396
- WEBhttps://access.redhat.com/security/cve/CVE-2023-3629
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2217926
- WEBhttps://github.com/infinispan/infinispan/commit/11b3cb0f7ba68b73dd32f655ff3f3df842a0c6bd
- WEBhttps://github.com/infinispan/infinispan/commit/1e3cc542336d2f49743ab8176ed6f1175e034c59
- WEBhttps://security.netapp.com/advisory/ntap-20240125-0004