CVE-2023-3628
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-304: Missing Critical Step in Authentication
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2023:5396
- https://access.redhat.com/security/cve/CVE-2023-3628
- https://bugzilla.redhat.com/show_bug.cgi?id=2217924
- https://security.netapp.com/advisory/ntap-20240125-0004/
References
- https://access.redhat.com/errata/RHSA-2023:5396
- https://access.redhat.com/security/cve/CVE-2023-3628
- https://bugzilla.redhat.com/show_bug.cgi?id=2217924
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.