CVE-2023-3629 — Infinispan REST Server's cache retrieval endpoints do not properly evaluate the

Description

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

How to fix CVE-2023-3629

To remediate CVE-2023-3629, upgrade the affected package to a fixed version below.

—upgrade to 15.0.0.Dev04 or later

Is CVE-2023-3629 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 15.0.0.Dev01, < 15.0.0.Dev04

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-3629
PATCHgithub.com/infinispan/infinispan
WEBaccess.redhat.com/errata/RHSA-2023:5396
WEBaccess.redhat.com/security/cve/CVE-2023-3629
WEBbugzilla.redhat.com