A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.
Fixes

Solution

No solution given by the vendor.


Workaround

No mitigation is currently available for this flaw.

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T08:11:26.500Z

Reserved: 2023-11-30T03:30:16.241Z

Link: CVE-2023-6393

Vulnrichment

No data.

NVD

Status: Modified

Published: 2023-12-06T17:15:07.377

Modified: 2024-11-21T08:43:46.267

Link: CVE-2023-6393

Redhat

Severity: Moderate

Public Date: 2023-11-15T00:00:00Z

Links: CVE-2023-6393 - Bugzilla

OpenCVE Enrichment

No data.