Description

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Remediation

References

CVE-2023-3629

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.17)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8669)

WordPress Plugin NextGEN Gallery-WordPress Gallery Arbitrary File Upload (2.1.10)

Oracle JRE CVE-2022-21549 Vulnerability (CVE-2022-21549)

TYPO3 Cryptographic Issues Vulnerability (CVE-2012-3527)

Severity

Medium

Classification

CVE-2023-3629 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities