Description

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Remediation

References

CVE-2023-3628

Related Vulnerabilities

WordPress Plugin Advanced Order Export For WooCommerce Cross-Site Scripting (3.1.7)

WordPress Plugin Companion Auto Update Multiple Vulnerabilities (3.2.0)

MySQL CVE-2024-21272 Vulnerability (CVE-2024-21272)

Microsoft SQL Server CVE-2023-36417 Vulnerability (CVE-2023-36417)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5286)

Severity

Medium

Classification

CVE-2023-3628 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities