Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1maHI3LThqeDQtcjljcM4AA4G4

Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Permalink: https://github.com/advisories/GHSA-fhr7-8jx4-r9cp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1maHI3LThqeDQtcjljcM4AA4G4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 11 months ago
Updated: 14 days ago

CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-fhr7-8jx4-r9cp, CVE-2023-3628
References:

• https://nvd.nist.gov/vuln/detail/CVE-2023-3628
• https://access.redhat.com/errata/RHSA-2023:5396
• https://access.redhat.com/security/cve/CVE-2023-3628
• https://bugzilla.redhat.com/show_bug.cgi?id=2217924
• https://security.netapp.com/advisory/ntap-20240125-0004
• https://github.com/infinispan/infinispan/commit/70a50352d9195753a588d0fba8c2063b99f96263
• https://github.com/infinispan/infinispan/commit/b34488dcab8bdd4258972568b8405ee7111276ec
• https://github.com/advisories/GHSA-fhr7-8jx4-r9cp

Repository: https://github.com/infinispan/infinispan
Blast Radius: 10.3

Affected Packages