Main Vulnerability Database Vulnerabilities #VU80813

Security features bypass in Red Hat build of Quarkus - CVE-2023-4853

Published: September 15, 2023

Vulnerability identifier: #VU80813

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-4853

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
Red Hat build of Quarkus

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to implemented HTTP security policies do not correctly sanitize certain character permutations, which may result in incorrect evaluation of permissions. A remote attacker can bypass the security policy altogether and gain unauthorized access to endpoints or perform a denial of service (DoS) attack.

How to mitigate CVE-2023-4853

Install updates from vendor's website.

Security features bypass in Red Hat build of Quarkus - CVE-2023-4853

Detailed vulnerability description

How to mitigate CVE-2023-4853

Sources

Please verify you're human