CVE-2023-6393

Published: Dec 6, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.

Affected (1)

Products: Redhat: Build Of Quarkus

1 product

Build Of Quarkus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Build Of Quarkus	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (5)

https://access.redhat.com/errata/RHSA-2023:7700

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-6393

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2253113

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/security/cve/CVE-2023-6393

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2253113

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.