Description
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Remediation
References
Related Vulnerabilities
Magento Incorrect Authorization Vulnerability (CVE-2021-28567)
WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.2)
WordPress Plugin RSS Post Importer Unspecified Vulnerability (2.5.0)
XWiki Improper Access Control Vulnerability (CVE-2023-29513)
Oracle Database Server CVE-2011-2248 Vulnerability (CVE-2011-2248)