CVE-2023-3628

EUVD-2023-3198
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
redhatjboss_data_grid
-
redhatdata_grid
𝑥
< 8.4.4
infinispaninfinispan
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:5396
https://access.redhat.com/security/cve/CVE-2023-3628
https://bugzilla.redhat.com/show_bug.cgi?id=2217924
https://access.redhat.com/errata/RHSA-2023:5396
https://access.redhat.com/security/cve/CVE-2023-3628
https://bugzilla.redhat.com/show_bug.cgi?id=2217924
https://security.netapp.com/advisory/ntap-20240125-0004/