Home > Vulnerability Database > CVE-2023-3628

Mend.io Vulnerability Database

CVE-2023-3628

Good to know:

Date: December 18, 2023

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Language: Java

Severity Score

6.5

Related Resources (10)

Url: https://access.redhat.com/security/cve/CVE-2023-3628

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2217924

Url: https://github.com/infinispan/infinispan/commit/b34488dcab8bdd4258972568b8405ee7111276ec

Url: https://security.netapp.com/advisory/ntap-20240125-0004/

Url: https://security.netapp.com/advisory/ntap-20240125-0004

Url: https://github.com/infinispan/infinispan

Url: https://access.redhat.com/errata/RHSA-2023:5396

Url: https://github.com/infinispan/infinispan/commit/70a50352d9195753a588d0fba8c2063b99f96263

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3628

Url: https://www.mend.io/vulnerability-database/CVE-2023-3628

Severity Score

6.5

Weakness Type (CWE)

Missing Critical Step in Authentication

CWE-304

Top Fix

Upgrade Version

Upgrade to version org.infinispan:infinispan-server-rest:15.0.0.Dev04;org.infinispan:infinispan-server-rest:14.0.18.Final

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3628

Good to know:

Date: December 18, 2023

Language: Java

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?