Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions
Severity: High
GitHub Reviewed
Published Dec 30, 2023 to the GitHub Advisory Database. Updated Nov 18, 2024.
Package
Affected versions: >= 15.0.0.Dev01, < 15.0.0.Dev04; < 14.0.18.Final
Patched versions: 15.0.0.Dev04; 14.0.18.Final
Published by the National Vulnerability Database: Dec 18, 2023
Published to the GitHub Advisory Database: Dec 30, 2023
Reviewed: Sep 16, 2024
Last updated: Nov 18, 2024

Description
A flaw was found in Infinispan's REST server: its bulk read endpoints do not properly evaluate user permissions for the operation. An authenticated user could use this issue to access information outside of their intended permissions.