Description
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
Remediation
References
https://access.redhat.com/security/cve/CVE-2023-0044
https://bugzilla.redhat.com/show_bug.cgi?id=2158081
Related Vulnerabilities
CVE-2019-20364 Vulnerability in maven package org.igniterealtime.openfire:xmppserver
CVE-2019-17359 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2020-4077 Vulnerability in npm package electron
CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all
CVE-2021-21290 Vulnerability in maven package io.netty:netty-transport