A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-12-09T01:26:52.908Z
Updated: 2024-08-28T14:25:33.171Z
Reserved: 2023-11-30T04:05:52.129Z
Link: CVE-2023-6394
Vulnrichment
Updated: 2024-08-02T08:28:21.766Z
NVD
Status : Modified
Published: 2023-12-09T02:15:06.747
Modified: 2024-08-02T13:15:55.083
Link: CVE-2023-6394
Redhat