Insecure Access Control in Infinispan's REST Cache Retrieval Endpoints

Insecure Access Control in Infinispan's REST Cache Retrieval Endpoints

CVE-2023-3629 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

Learn more about our User Device Pen Test.