Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions

Moderate severity • GitHub Reviewed • Published Dec 30, 2023 to the GitHub Advisory Database • Updated Sep 16, 2024

Package

org.infinispan:infinispan-server-rest (Maven)

Affected versions

>= 15.0.0.Dev01, < 15.0.0.Dev04
< 14.0.18.Final

Patched versions

15.0.0.Dev04
14.0.18.Final

Description

A flaw was found in Infinispan's REST server: the cache retrieval endpoints do not properly evaluate the admin permissions required for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

References

Published by the National Vulnerability Database Dec 18, 2023
Published to the GitHub Advisory Database Dec 30, 2023
Reviewed Sep 16, 2024
Last updated Sep 16, 2024

Severity

Moderate

EPSS score

0.057%
(24th percentile)

Weaknesses

CVE ID

CVE-2023-3629

GHSA ID

GHSA-r4w2-hjmr-36m7

Source code
