Description

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Remediation

References

CVE-2023-3629

Related Vulnerabilities

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.10)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-8155)

WordPress Plugin Google Maps v3 Shortcode Cross-Site Scripting (1.2.1)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2933)

WordPress Plugin StageShow Multiple Vulnerabilities (5.0.8)

Severity

Medium

Classification

CVE-2023-3629 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities