A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:5396 | Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2023-3629 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2217926 | Issue Tracking |
https://security.netapp.com/advisory/ntap-20240125-0004/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
25 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Dec 2023, 22:48
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:6:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:* cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Redhat data Grid
Infinispan infinispan Redhat jboss Data Grid Redhat Redhat jboss Enterprise Application Platform Infinispan |
|
References | () https://access.redhat.com/errata/RHSA-2023:5396 - Vendor Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2023-3629 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2217926 - Issue Tracking |
18 Dec 2023, 15:04
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-18 14:15
Updated : 2024-01-25 14:15
NVD link : CVE-2023-3629
Mitre link : CVE-2023-3629
CVE.ORG link : CVE-2023-3629
JSON object : View
Products Affected
redhat
- data_grid
- jboss_enterprise_application_platform
- jboss_data_grid
infinispan
- infinispan
CWE