Vulnerability Monitor

CVE-2023-3628


A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.


Published

2023-12-18T14:15:08.323

Last Modified

2024-11-21T08:17:42.490

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-304
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | jboss_data_grid | - | Yes |
| Application | redhat | jboss_enterprise_application_platform | 6 | Yes |
| Application | redhat | data_grid | < 8.4.4 | Yes |
| Application | infinispan | infinispan | - | Yes |

References