Description

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Remediation

References

CVE-2023-3629

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-30154)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Security Bypass (3.11.8)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-4319)

WordPress Plugin Team Members Unspecified Vulnerability (2.1.2)

WordPress 5.3.x PHP Object Injection (5.3 - 5.3.7)

Severity

Medium

Classification

CVE-2023-3629 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities