CVE-2023-5675

CVSS V2 None CVSS V3 None
Description
A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.
Overview
  • CVE ID
  • CVE-2023-5675
  • Assigner
  • redhat
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-04-25T15:44:55.582Z
  • Last Modified Date
  • 2024-06-18T23:38:56.767Z
References
Reference URL Reference Tags
https://access.redhat.com/errata/RHSA-2024:0494 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0495 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5675 vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2245197 issue-tracking x_refsource_REDHAT
History
Created Old Value New Value Data Type Notes
2024-06-25 05:18:29 Added to TrackCVE