A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Tue, 22 Oct 2024 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-23T05:19:53.372Z

Reserved: 2023-10-20T04:42:22.947Z

Link: CVE-2023-5675

cve-icon Vulnrichment

Updated: 2024-08-02T08:07:32.514Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-25T16:15:08.570

Modified: 2024-11-21T08:42:14.990

Link: CVE-2023-5675

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-01-24T00:00:00Z

Links: CVE-2023-5675 - Bugzilla

cve-icon OpenCVE Enrichment

No data.