A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Oct 2024 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T15:44:55.582Z
Updated: 2024-10-22T00:46:35.102Z
Reserved: 2023-10-20T04:42:22.947Z
Link: CVE-2023-5675
Vulnrichment
Updated: 2024-08-02T08:07:32.514Z
NVD
Status : Awaiting Analysis
Published: 2024-04-25T16:15:08.570
Modified: 2024-08-01T13:45:45.357
Link: CVE-2023-5675
Redhat