Description
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions |
|---|---|---|---|
| Red Hat | Red Hat Data Grid 8.4.4 | unaffected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform 6 | unknown | — |
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Data Grid 8.4.4 | |||
| infinispan | cpe:/a:redhat:jboss_data_grid:8 | RHSA-2023:5396 | 2023-09-28T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-3198 | A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. |
 Github GHSA |
GHSA-fhr7-8jx4-r9cp | Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions |
References
History
Fri, 22 Nov 2024 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 16 Sep 2024 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-11-07T10:41:24.777Z
Reserved: 2023-07-11T20:37:22.734Z
Link: CVE-2023-3628
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-18T14:15:08.323
Modified: 2024-11-21T08:17:42.490
Link: CVE-2023-3628
Redhat
OpenCVE Enrichment
No data.
Weaknesses