CVE-2023-4853
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Openshift Serverless 1 on RHEL 8 | 0:1.9.2-3.el8 < * | unaffected |
| Red Hat | Red Hat build of Quarkus 2.13.8.SP2 | 2.13.8.Final-redhat-00005 < * | unaffected |
| Red Hat | Red Hat build of Quarkus 2.13.8.SP2 | 2.13.8.Final-redhat-00005 < * | unaffected |
| Red Hat | Red Hat build of Quarkus 2.13.8.SP2 | 2.13.8.Final-redhat-00005 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.9.2-3 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.30.1-1 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.30.1-1 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.9.2-3 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.30.1-1 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.30.1-1 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.30.1-1 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.30.0-5 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.30.0-6 < * | unaffected |
| Red Hat | Red Hat OpenShift Serverless 1.30 | 1.30.0-6 < * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | 7.13.4-3 < * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | 7.13.4-2 < * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | 7.13.4-2 < * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | 7.13.4-3 < * | unaffected |
| Red Hat | RHEL-8 based Middleware Containers | 7.13.4-3 < * | unaffected |
Weaknesses
- CWE-148: Improper Neutralization of Input Leaders
Workarounds
Use a ‘deny’ wildcard for base paths, then authenticate specifics within that:
Examples:
deny: /*
authenticated: /services/*
or
deny: /services/*
roles-allowed: /services/rbac/*
NOTE: Products are only vulnerable if they use (or allow use of) path-based HTTP policy configuration. Products may also be affected–shipping the component in question–without being vulnerable (“affected at reduced impact”).
See https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 for more detailed mitigations.
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2023:5170
- https://access.redhat.com/errata/RHSA-2023:5310
- https://access.redhat.com/errata/RHSA-2023:5337
- https://access.redhat.com/errata/RHSA-2023:5446
- https://access.redhat.com/errata/RHSA-2023:5479
- https://access.redhat.com/errata/RHSA-2023:5480
- https://access.redhat.com/errata/RHSA-2023:6107
- https://access.redhat.com/errata/RHSA-2023:6112
- https://access.redhat.com/errata/RHSA-2023:7653
- https://access.redhat.com/security/cve/CVE-2023-4853
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-002
- https://bugzilla.redhat.com/show_bug.cgi?id=2238034
References
- https://access.redhat.com/errata/RHSA-2023:5170
- https://access.redhat.com/errata/RHSA-2023:5310
- https://access.redhat.com/errata/RHSA-2023:5337
- https://access.redhat.com/errata/RHSA-2023:5446
- https://access.redhat.com/errata/RHSA-2023:5479
- https://access.redhat.com/errata/RHSA-2023:5480
- https://access.redhat.com/errata/RHSA-2023:6107
- https://access.redhat.com/errata/RHSA-2023:6112
- https://access.redhat.com/errata/RHSA-2023:7653
- https://access.redhat.com/security/cve/CVE-2023-4853
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-002
- https://bugzilla.redhat.com/show_bug.cgi?id=2238034
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.