ByteOS Network

NVD Vulnerability Details :

CVE-2023-5675

Awaiting Analysis

Source-secalert@redhat.com

Published At-25 Apr, 2024 | 16:15

Updated At-01 Aug, 2024 | 13:45

A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-285	Primary	secalert@redhat.com

CWE ID: CWE-285

Type: Primary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/errata/RHSA-2024:0494	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2024:0495	secalert@redhat.com	N/A
https://access.redhat.com/security/cve/CVE-2023-5675	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2245197	secalert@redhat.com	N/A