Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yNHcyLWhqbXItMzZtN84AA4G2
Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
A flaw was found in Infinispan's REST server: cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Permalink: https://github.com/advisories/GHSA-r4w2-hjmr-36m7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNHcyLWhqbXItMzZtN84AA4G2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 11 months ago
Updated: 14 days ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-r4w2-hjmr-36m7, CVE-2023-3629
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-3629
- https://access.redhat.com/errata/RHSA-2023:5396
- https://access.redhat.com/security/cve/CVE-2023-3629
- https://bugzilla.redhat.com/show_bug.cgi?id=2217926
- https://security.netapp.com/advisory/ntap-20240125-0004
- https://github.com/infinispan/infinispan/commit/11b3cb0f7ba68b73dd32f655ff3f3df842a0c6bd
- https://github.com/infinispan/infinispan/commit/1e3cc542336d2f49743ab8176ed6f1175e034c59
- https://github.com/advisories/GHSA-r4w2-hjmr-36m7
Blast Radius: 10.3
Affected Packages
maven:org.infinispan:infinispan-server-rest
Dependent packages: 59
Dependent repositories: 39
Downloads:
Affected Version Ranges: < 14.0.18.Final, >= 15.0.0.Dev01, < 15.0.0.Dev04
Fixed in: 14.0.18.Final, 15.0.0.Dev04
All affected versions: 14.0.1-0.Final, 14.0.1-1.Final, 14.0.1-2.Final, 14.0.1-3.Final, 14.0.1-4.Final, 14.0.1-5.Final, 14.0.1-6.Final, 14.0.1-7.Final
All unaffected versions: