Description

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Remediation

References

CVE-2023-3628

Related Vulnerabilities

WordPress Plugin Namaste! LMS Cross-Site Scripting (2.5.9.4)

WordPress Plugin SP Project & Document Manager Cross-Site Scripting (4.25)

MySQL CVE-2020-2770 Vulnerability (CVE-2020-2770)

WordPress Plugin Contact Form Builder-a plugin for creating contact and feedback forms Security Bypass (1.0.7)

WordPress Plugin WPUpper Share Buttons Cross-Site Scripting (3.42)

Severity

Medium

Classification

CVE-2023-3628 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities