Vulnerability DatabaseCVE-2023-3628
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-3628
December 18, 2023
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Affected Packages
org.infinispan:infinispan-server-rest (JAVA):
Affected version(s) >=15.0.0.Dev01 <15.0.0.Dev04
Fix Suggestion:
Update to version 15.0.0.Dev04
org.infinispan:infinispan-server-rest (JAVA):
Affected version(s) >=4.0.0.BETA2 <14.0.18.Final
Fix Suggestion:
Update to version 14.0.18.Final
Related ResourcesĀ (9)
https://security.netapp.com/advisory/ntap-20240125-0004
https://nvd.nist.gov/vuln/detail/CVE-2023-3628
https://github.com/infinispan/infinispan/commit/b34488dcab8bdd4258972568b8405ee7111276ec
https://bugzilla.redhat.com/show_bug.cgi?id=2217924
https://security.netapp.com/advisory/ntap-20240125-0004/
https://github.com/infinispan/infinispan
https://github.com/infinispan/infinispan/commit/70a50352d9195753a588d0fba8c2063b99f96263
https://access.redhat.com/security/cve/CVE-2023-3628
https://access.redhat.com/errata/RHSA-2023:5396
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Missing Critical Step in Authentication
CWE-304
EPSS
Base Score:
0.09