Overview
- Description
- A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- secalert@redhat.com
- CWE-304
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6401304-B700-4F69-9385-66B7398C55D8",
"versionEndExcluding": "8.4.4"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BF03A52-4068-47EA-8846-1E5FB708CE1A"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68E89E9D-88CA-4BCC-8871-EF4AF913D871"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6718434-9048-42D0-8E70-40531CA83A16"
}
],
"operator": "OR"
}
]
}
]