Showing 1 - 1 of 1

CVE-2023-6394

Status Candidate

Overview

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.

Related Files

Red Hat Security Advisory 2023-7612-03: Posted Dec 21, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-7612-03 - A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2023-6394; SHA-256 | 500ebe066ed78afa187f9efd9f9964ae5f197e88455665dae02f13ac35b79b40; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 326 files
Ubuntu 49 files
Gentoo 32 files
Debian 24 files
Apple 9 files
malvuln 6 files
nu11secur1ty 5 files
Google Security Research 4 files
Jann Horn 4 files
Adam Gowdiak 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,047)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,781)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,912)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,514)
UNIX (9,404)
UnixWare (187)
Windows (6,660)
Other

CVE-2023-6394

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems