GHSA-r4w2-hjmr-36m7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r4w2-hjmr-36m7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-r4w2-hjmr-36m7/GHSA-r4w2-hjmr-36m7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r4w2-hjmr-36m7
- Aliases
-
- CVE-2023-3629
- Published
- 2023-12-30T00:30:23Z
- Modified
- 2024-11-26T05:25:53.282991Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
- Details
-
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
- Database specific
{ "nvd_published_at": "2023-12-18T14:15:08Z", "cwe_ids": [ "CWE-304" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-09-16T17:19:37Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-3629
- https://github.com/infinispan/infinispan/commit/11b3cb0f7ba68b73dd32f655ff3f3df842a0c6bd
- https://github.com/infinispan/infinispan/commit/1e3cc542336d2f49743ab8176ed6f1175e034c59
- https://access.redhat.com/errata/RHSA-2023:5396
- https://access.redhat.com/security/cve/CVE-2023-3629
- https://bugzilla.redhat.com/show_bug.cgi?id=2217926
- https://github.com/infinispan/infinispan
- https://security.netapp.com/advisory/ntap-20240125-0004
Affected packages
Maven / org.infinispan:infinispan-server-rest
Package
- Name
- org.infinispan:infinispan-server-rest
- View open source insights on deps.dev
- Purl
- pkg:maven/org.infinispan/infinispan-server-rest
Maven / org.infinispan:infinispan-server-rest
Package
- Name
- org.infinispan:infinispan-server-rest
- View open source insights on deps.dev
- Purl
- pkg:maven/org.infinispan/infinispan-server-rest
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.0.18.Final
Affected versions
5.*
5.0.0.FINAL
5.0.1.FINAL
5.1.0.ALPHA1
5.1.0.ALPHA2
5.1.0.BETA1
5.1.0.BETA2
5.1.0.BETA3
5.1.0.BETA4
5.1.0.BETA5
5.1.0.CR1
5.1.0.CR2
5.1.0.CR3
5.1.0.CR4
5.1.0.FINAL
5.1.1.CR1
5.1.1.FINAL
5.1.2.CR1
5.1.2.FINAL
5.1.3.CR1
5.1.3.FINAL
5.1.4.CR1
5.1.4.FINAL
5.1.5.CR1
5.1.5.FINAL
5.1.6.FINAL
5.1.7.Final
5.1.8.Final
5.2.0.ALPHA1
5.2.0.ALPHA2
5.2.0.Alpha3
5.2.0.Alpha4
5.2.0.Beta1
5.2.0.Beta2
5.2.0.Beta3
5.2.0.Beta4
5.2.0.Beta5
5.2.0.Beta6
5.2.0.CR1
5.2.0.CR2
5.2.0.CR3
5.2.0.Final
5.2.1.Final
5.2.2.Final
5.2.3.Final
5.2.4.Final
5.2.5.Final
5.2.6.Final
5.2.7.Final
5.2.8.CR1
5.2.8.Final
5.2.9.Final
5.2.10.Final
5.2.11.CR1
5.2.11.Final
5.2.12.Final
5.2.13.Final
5.2.14.Final
5.2.15.Final
5.2.18.Final
5.2.19.Final
5.2.20.Final
5.3.0.Alpha1
5.3.0.Beta1
5.3.0.Beta2
5.3.0.CR1
5.3.0.CR2
5.3.0.Final
6.*
6.0.0.Alpha1
6.0.0.Alpha2
6.0.0.Alpha3
6.0.0.Alpha4
6.0.0.Beta1
6.0.0.Beta2
6.0.0.CR1
6.0.0.Final
6.0.1.Final
6.0.2.Final
7.*
7.0.0.Alpha1
7.0.0.Alpha2
7.0.0.Alpha3
7.0.0.Alpha4
7.0.0.Alpha5
7.0.0.Beta1
7.0.0.Beta2
7.0.0.CR1
7.0.0.CR2
7.0.0.Final
7.0.1.Final
7.0.2.Final
7.0.3.Final
7.1.0.Alpha1
7.1.0.Beta1
7.1.0.CR1
7.1.0.CR2
7.1.0.Final
7.1.1.Final
7.2.0.Alpha1
7.2.0.Beta1
7.2.0.Beta2
7.2.0.CR1
7.2.0.Final
7.2.1.Final
7.2.2.Final
7.2.3.Final
7.2.4.Final
7.2.5.Final
8.*
8.0.0.Alpha1
8.0.0.Alpha2
8.0.0.Beta1
8.0.0.Beta2
8.0.0.Beta3
8.0.0.CR1
8.0.0.Final
8.0.1.Final
8.0.2.Final
8.1.0.Alpha1
8.1.0.Alpha2
8.1.0.Beta1
8.1.0.CR1
8.1.0.Final
8.1.1.Final
8.1.2.Final
8.1.3.Final
8.1.4.Final
8.1.5.Final
8.1.6.Final
8.1.7.Final
8.1.8.Final
8.1.9.Final
8.2.0.Beta1
8.2.0.Beta2
8.2.0.CR1
8.2.0.Final
8.2.1.Final
8.2.2.Final
8.2.3.Final
8.2.4.Final
8.2.5.Final
8.2.6.Final
8.2.7.Final
8.2.8.Final
8.2.10.Final
8.2.11.Final
8.2.12.Final
9.*
9.0.0.Alpha1
9.0.0.Alpha2
9.0.0.Alpha3
9.0.0.Alpha4
9.0.0.Beta1
9.0.0.Beta2
9.0.0.CR1
9.0.0.CR2
9.0.0.CR3
9.0.0.CR4
9.0.0.Final
9.0.1.Final
9.0.2.Final
9.0.3.Final
9.1.0.Alpha1
9.1.0.Beta1
9.1.0.CR1
9.1.0.Final
9.1.1.Final
9.1.2.Final
9.1.3.Final
9.1.4.Final
9.1.5.Final
9.1.6.Final
9.1.7.Final
9.2.0.Alpha1
9.2.0.Alpha2
9.2.0.Beta1
9.2.0.Beta2
9.2.0.CR1
9.2.0.CR2
9.2.0.CR3
9.2.0.Final
9.2.1.Final
9.2.2.Final
9.2.3.Final
9.2.4.Final
9.2.5.Final
9.3.0.Alpha1
9.3.0.Beta1
9.3.0.CR1
9.3.0.Final
9.3.1.Final
9.3.2.Final
9.3.3.Final
9.3.4.Final
9.3.5.Final
9.3.6.Final
9.3.8.Final
9.3.9.Final
9.4.0.Alpha1
9.4.0.Beta1
9.4.0.CR1
9.4.0.CR2
9.4.0.CR3
9.4.0.Final
9.4.1.Final
9.4.2.Final
9.4.3.Final
9.4.4.Final
9.4.5.Final
9.4.6.Final
9.4.7.Final
9.4.8.Final
9.4.9.Final
9.4.10.Final
9.4.11.Final
9.4.12.Final
9.4.13.Final
9.4.14.Final
9.4.15.Final
9.4.16.Final
9.4.17.Final
9.4.18.Final
9.4.19.Final
9.4.20.Final
9.4.21.Final
9.4.22.Final
9.4.23.Final
9.4.24.Final
10.*
10.0.0.Alpha1
10.0.0.Alpha2
10.0.0.Alpha3
10.0.0.Beta1
10.0.0.Beta2
10.0.0.Beta3
10.0.0.Beta4
10.0.0.Beta5
10.0.0.CR1
10.0.0.CR2
10.0.0.CR3
10.0.0.Final
10.0.1.Final
10.1.0.Beta1
10.1.0.CR1
10.1.0.Final
10.1.1.Final
10.1.2.Final
10.1.3.Final
10.1.4.Final
10.1.5.Final
10.1.6.Final
10.1.7.Final
10.1.8.Final
10.1.9.Final
11.*
11.0.0.Alpha
11.0.0.Alpha1
11.0.0.Alpha2
11.0.0.CR1
11.0.0.Final
11.0.0.Dev03
11.0.0.Dev04
11.0.0.Dev05
11.0.1.Final
11.0.2.Final
11.0.3.Final
11.0.4.Final
11.0.5.Final
11.0.6.Final
11.0.7.Final
11.0.8.Final
11.0.9.Final
11.0.10.Final
11.0.11.Final
11.0.13.Final
11.0.14.Final
11.0.15.Final
11.0.16.Final
11.0.17.Final
11.0.18.Final
11.0.19.Final
12.*
12.0.0.CR1
12.0.0.Final
12.0.0.Dev01
12.0.0.Dev02
12.0.0.Dev03
12.0.0.Dev3
12.0.0.Dev04
12.0.0.Dev05
12.0.0.Dev06
12.0.0.Dev07
12.0.1.Final
12.0.2.Final
12.1.0.CR1
12.1.0.CR2
12.1.0.Final
12.1.0.Dev01
12.1.1.Final
12.1.2.Final
12.1.3.Final
12.1.4.Final
12.1.5.Final
12.1.6.Final
12.1.7.Final
12.1.8.Final
12.1.9.Final
12.1.10.Final
12.1.11.Final
12.1.12.Final
12.1.13.Final
12.1.14.Final
12.1.15.Final
12.1.16.Final
13.*
13.0.0.CR1
13.0.0.CR2
13.0.0.Final
13.0.0.Dev01
13.0.0.Dev02
13.0.0.Dev03
13.0.0.Dev04
13.0.1.Final
13.0.2.Final
13.0.3.Final
13.0.4.Final
13.0.5.Final
13.0.6.Final
13.0.7.Final
13.0.8.Final
13.0.9.Final
13.0.10.Final
13.0.11.Final
13.0.12.Final
13.0.13.Final
13.0.14.Final
13.0.15.Final
13.0.16.Final
13.0.17.Final
13.0.18.Final
13.0.19.Final
13.0.20.Final
13.0.21.Final
13.0.22.Final
14.*
14.0.0.CR1
14.0.0.CR2
14.0.0.Final
14.0.0.Dev01
14.0.0.Dev02
14.0.0.Dev03
14.0.0.Dev04
14.0.1.Final
14.0.2.Final
14.0.3.Final
14.0.4.Final
14.0.5.Final
14.0.6.Final
14.0.7.Final
14.0.8.Final
14.0.9.Final
14.0.10.Final
14.0.11.Final
14.0.12.Final
14.0.13.Final
14.0.14.Final
14.0.15.Final
14.0.16.Final
14.0.17.Final