Home > Vulnerability Database > CVE-2023-5675

Mend.io Vulnerability Database

CVE-2023-5675

Good to know:

Date: April 25, 2024

A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.

Language: Java

Severity Score

6.5

Related Resources (7)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2245197

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-5675

Url: https://access.redhat.com/security/cve/CVE-2023-5675

Url: https://access.redhat.com/errata/RHSA-2024:0494

Url: https://access.redhat.com/errata/RHSA-2024:0495

Url: https://github.com/quarkusio/quarkus/commit/796c38a283818803e33e8e0c1a7c4aefe901bf89

Url: https://www.mend.io/vulnerability-database/CVE-2023-5675

Severity Score

6.5

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version io.quarkus:quarkus-resteasy:3.6.8, io.quarkus:quarkus-resteasy-deployment:3.6.8, io.quarkus:quarkus-resteasy-reactive:3.6.8, io.quarkus:quarkus-resteasy-reactive-common-deployment:3.6.8, io.quarkus:quarkus-security:3.6.8, io.quarkus:quarkus-security-deployment:3.6.8, io.quarkus:quarkus-security-runtime-spi:3.6.8, io.quarkus.resteasy.reactive:resteasy-reactive-common-processor:3.6.8

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-5675

Good to know:

Date: April 25, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?