CVE-2023-4853

Published: 20/09/2023 Updated: 21/12/2023
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow a malicious user to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

Vulnerable Products

quarkus quarkus

redhat decision manager 7.0

redhat jboss middleware text-only advisories 1.0

redhat jboss middleware 1

redhat integration service registry -

redhat integration camel quarkus -

redhat build of quarkus

redhat openshift serverless -

redhat integration camel k

redhat process automation manager 7.0

redhat build of optaplanner 8.0

redhat openshift serverless 1.0

redhat openshift_container_platform 4.10

redhat openshift_container_platform 4.11

redhat openshift_container_platform 4.12

Vendor Advisories

Synopsis Important: Red Hat Integration Camel K 1.10.2 release security update Type/Severity Security Advisory: Important Topic Red Hat Integration Camel K 1.10.2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis Important: Service Registry (container images) release and security update [2.5.4 GA] Type/Severity Security Advisory: Important Topic An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues ...
Synopsis Important: Release of OpenShift Serverless Client kn 1.30.1 security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Serverless 1.30.1 is now available. Red Hat Product Security has rated ...
Synopsis Important: Release of OpenShift Serverless Logic 1.30.0 SP1 security update Type/Severity Security Advisory: Important Topic Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis Important: Red Hat Build of OptaPlanner 8.38.0 SP1 Type/Severity Security Advisory: Important Topic Red Hat build of OptaPlanner 8.38.0 for Quarkus 2.13.8 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as ...

GitHub Repositories

Demonstrates using Gradle Quarkus Plugin for an app, with WireMock Dev Service

Demo: Quarkus web service with Gradle WARNING: This branch deliberately includes an old Quarkus version with CVE-2023-4853 in io.quarkus:quarkus-vertx-http. Demonstrates using the Gradle Quarkus Plugin for building a Quarkus web application with Gradle, with the WireMock dev service being used for development purposes. It uses Hacker News as a data source and mocks its REST API fo

ONGuard The ONGuard (OSV - NVD Guard) service integrates OSV and NVD in order to retrieve CVE vulnerabilities from the given set of package URLs (purls). Upon receiving a collection of purls: { "purls": [ "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final?type=jar", "pkg:maven/io.quarkus/quarkus-core@2.13.5.Final?type=jar"