CVE-2023-3629: Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
(updated )
A flaw was found in Infinispan’s REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
References
- access.redhat.com/errata/RHSA-2023:5396
- access.redhat.com/security/cve/CVE-2023-3629
- bugzilla.redhat.com/show_bug.cgi?id=2217926
- github.com/advisories/GHSA-r4w2-hjmr-36m7
- github.com/infinispan/infinispan
- github.com/infinispan/infinispan/commit/11b3cb0f7ba68b73dd32f655ff3f3df842a0c6bd
- github.com/infinispan/infinispan/commit/1e3cc542336d2f49743ab8176ed6f1175e034c59
- nvd.nist.gov/vuln/detail/CVE-2023-3629
- security.netapp.com/advisory/ntap-20240125-0004
Code Behaviors & Features
Detect and mitigate CVE-2023-3629 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →