Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-3629

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Published

2023-12-18T14:15:08.557

Last Modified

2024-11-21T08:17:42.637

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-304
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	data_grid	< 8.4.4	Yes
Application	redhat	jboss_data_grid	-	Yes
Application	redhat	jboss_enterprise_application_platform	6	Yes
Application	infinispan	infinispan	-	Yes

References

https://access.redhat.com/errata/RHSA-2023:5396 Vendor Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2023-3629 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2217926 Issue Tracking ([email protected])
https://access.redhat.com/errata/RHSA-2023:5396 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-3629 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2217926 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240125-0004/ (af854a3a-2127-422b-91ae-364da2661108)