A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:5170 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5310 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5337 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5446 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5479 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:5480 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:6107 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:6112 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2023:7653 | Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2023-4853 | Mitigation Vendor Advisory |
https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 | Exploit Mitigation Technical Description Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2238034 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2023-09-20T09:47:32.150Z
Updated: 2024-05-01T20:21:18.280Z
Reserved: 2023-09-08T16:10:38.379Z
Link: CVE-2023-4853
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-09-20T10:15:14.947
Modified: 2023-12-21T01:02:06.017
Link: CVE-2023-4853
JSON object: View
Redhat Information
No data.