Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions

Moderate severity • GitHub Reviewed • Published Dec 30, 2023 to the GitHub Advisory Database • Updated Sep 16, 2024

Package

org.infinispan:infinispan-server-rest (Maven)

Affected versions

>= 15.0.0.Dev01, < 15.0.0.Dev04
< 14.0.18.Final

Patched versions

15.0.0.Dev04
14.0.18.Final

Description

A flaw was found in Infinispan's REST server: its bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

References

Published by the National Vulnerability Database Dec 18, 2023
Published to the GitHub Advisory Database Dec 30, 2023
Reviewed Sep 16, 2024
Last updated Sep 16, 2024

Severity

Moderate

EPSS score

0.057%
(25th percentile)

Weaknesses

CVE ID

CVE-2023-3628

GHSA ID

GHSA-fhr7-8jx4-r9cp

Source code
