Filtered by vendor Quarkus
Subscriptions
Total
45 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-0981 | 2 Quarkus, Redhat | 4 Quarkus, Camel Quarkus, Quarkus and 1 more | 2024-08-02 | 8.8 High |
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended. | ||||
CVE-2023-5720 | 1 Quarkus | 1 Quarkus | 2024-08-02 | 7.7 High |
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application. | ||||
CVE-2023-1584 | 2 Quarkus, Redhat | 3 Quarkus, Quarkus, Service Registry | 2024-08-02 | 7.5 High |
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens. | ||||
CVE-2023-0481 | 2 Quarkus, Redhat | 2 Quarkus, Quarkus | 2024-08-02 | 3.3 Low |
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | ||||
CVE-2023-0044 | 2 Quarkus, Redhat | 3 Quarkus, Build Of Quarkus, Quarkus | 2024-08-02 | 6.1 Medium |
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature. |