A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
https://bugzilla.redhat.com/show_bug.cgi?id=2217924
Published: 2023-12-18
Updated: 2024-09-16
Base Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N
Severity: Medium
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: Medium
Base Score: 7.1
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Severity: High
EPSS: 0.00187