HIGH🇵🇱 Wersja polska

CVE-2023-4853

CVSS 8.1v3.1pub. 2023-09-20upd. 2024-11-21

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Quarkus

    APP
    Quarkus
    < 2.16.113.2.0 – 3.2.6 (bez)3.3.0 – 3.3.3 (bez)
  • Red Hat Build Of Optaplanner

    APP
    Redhat
    8.0
  • Red Hat Build Of Quarkus

    APP
    Redhat
    2.13.0 – 2.13.8 (bez)
  • Red Hat Decision Manager

    APP
    Redhat
    7.0
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.0
  • Red Hat Integration Camel K

    APP
    Redhat
    < 1.10.2
  • Red Hat Integration Camel Quarkus

    APP
    Redhat
    wszystkie wersje
  • Red Hat Integration Service Registry

    APP
    Redhat
    wszystkie wersje
  • Red Hat Jboss Middleware

    APP
    Redhat
    1
  • Red Hat Jboss Middleware Text Only Advisories

    APP
    Redhat
    1.0
  • Red Hat OpenShift Container Platform

    APP
    Redhat
    4.104.114.12
  • Red Hat Openshift Serverless

    APP
    Redhat
    1.0
  • Red Hat Process Automation Manager

    APP
    Redhat
    7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-7609CRITICAL10.0⚠ KEVten sam produkt

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...

CVE-2019-1003029CRITICAL9.9⚠ KEVten sam produkt

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...

CVE-2019-1003030CRITICAL9.9⚠ KEVten sam produkt

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...