CVE-2023-3629

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 18, 2023
Updated: Jan 25, 2024
CWE ID 304

Summary

CVE-2023-3629 is a security vulnerability affecting Infinispan's REST Cache retrieval endpoints. The flaw permits authenticated users to access information beyond their intended permissions. Infinispan's REST endpoints fail to properly evaluate the required admin permissions for the operation, leading to unauthorized data access. This issue poses a potential risk to data confidentiality and privacy. It is essential for Infinispan users to apply the necessary patches or updates to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Red Hat Data Grid
  • Red Hat Jboss Enterprise Application Platform
  • Red Hat JBoss Data Grid

Affected Vendors

  • Red Hat