Access Restriction Bypass Affecting org.infinispan:infinispan-server-rest package, versions [,14.0.26.Final)[15.0.0.CR1,15.0.0.Dev04)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.16% (54th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGINFINISPAN-6248172
  • published15 Feb 2024
  • disclosed21 Sept 2023
  • creditUnknown

Introduced: 21 Sep 2023

CVE-2023-3629  (opens in a new tab)
CWE-285  (opens in a new tab)

How to fix?

Upgrade org.infinispan:infinispan-server-rest to version 14.0.26.Final, 15.0.0.Dev04 or higher.

Overview

org.infinispan:infinispan-server-rest is an Infinispan Rest Server.

Affected versions of this package are vulnerable to Access Restriction Bypass due to improper evaluation of the necessary admin permissions in the REST API, an attacker can access information outside of their intended permissions by exploiting the flaw in the cache retrieval endpoints.

CVSS Scores

version 3.1