CVE-2023-6267
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat build of Quarkus 2.13.9.Final | 2.13.9.Final-redhat-00003 < * | unaffected |
| Red Hat | Red Hat build of Quarkus 3.2.9.Final | 3.2.9.Final-redhat-00003 < * | unaffected |
Weaknesses
- CWE-755: Improper Handling of Exceptional Conditions
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2024:0494
- https://access.redhat.com/errata/RHSA-2024:0495
- https://access.redhat.com/security/cve/CVE-2023-6267
- https://bugzilla.redhat.com/show_bug.cgi?id=2251155
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/errata/RHSA-2024:0494
- https://access.redhat.com/errata/RHSA-2024:0495
- https://access.redhat.com/security/cve/CVE-2023-6267
- https://bugzilla.redhat.com/show_bug.cgi?id=2251155
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.