Vulnerability DatabaseCVE-2023-3629
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-3629
December 18, 2023
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Affected Packages
org.infinispan:infinispan-server-rest (JAVA):
Affected version(s) >=15.0.0.Dev01 <15.0.0.Dev04
Fix Suggestion:
Update to version 15.0.0.Dev04
org.infinispan:infinispan-server-rest (JAVA):
Affected version(s) >=4.0.0.BETA2 <14.0.18.Final
Fix Suggestion:
Update to version 14.0.18.Final
Related ResourcesĀ (9)
https://nvd.nist.gov/vuln/detail/CVE-2023-3629
https://access.redhat.com/security/cve/CVE-2023-3629
https://security.netapp.com/advisory/ntap-20240125-0004
https://github.com/infinispan/infinispan
https://github.com/infinispan/infinispan/commit/11b3cb0f7ba68b73dd32f655ff3f3df842a0c6bd
https://github.com/infinispan/infinispan/commit/1e3cc542336d2f49743ab8176ed6f1175e034c59
https://access.redhat.com/errata/RHSA-2023:5396
https://bugzilla.redhat.com/show_bug.cgi?id=2217926
https://security.netapp.com/advisory/ntap-20240125-0004/
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Missing Critical Step in Authentication
CWE-304
EPSS
Base Score:
0.10