CVE-2023-6267
CVE-2023-6267 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A flaw was found in JSON payload handling: if annotation-based security is used to secure a REST resource, the JSON body that the resource consumes is processed (deserialized) before the security constraints are evaluated and applied. EPSS estimates a 0.72% chance of exploitation in the next 30 days.
Description
A flaw was found in JSON payload handling. If annotation-based security is used to secure a REST resource, the JSON body that the resource consumes is processed (deserialized) before the security constraints are evaluated and applied. This does not happen with configuration-based security, where the HTTP permission check is applied to the request path before the body is read.
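The two patterns the description contrasts, as an added illustration that is not code from the advisory or from the Quarkus project. The resource class, the `Order` type, the path `/orders` and the policy names `orders` and `admin-only` are assumptions chosen for the example; the `quarkus.http.auth.permission.*` and `quarkus.http.auth.policy.*` keys are the standard Quarkus HTTP authorization configuration.

```java
// Added example (not from the advisory or the Quarkus project).
// Imports are the Quarkus 3.x (jakarta.*) names; Quarkus 2.x uses the javax.* equivalents.
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.MediaType;

// Annotation-based security: the pattern the advisory describes as affected.
// On versions before 2.13.9 / 3.2.9, the JSON body is deserialized into Order
// BEFORE the @RolesAllowed constraint is evaluated, so unauthenticated input
// reaches the deserializer. Upgrading to a fixed version is the remediation.
@Path("/orders")                       // hypothetical path
public class OrderResource {

    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @RolesAllowed("admin")             // constraint evaluated after body processing on affected versions
    public String create(Order order) {
        return "created " + order.id;
    }

    // Hypothetical request body type; any JSON-bound type shows the same ordering.
    public static class Order {
        public String id;
        public int quantity;
    }
}

// Configuration-based security: the alternative the advisory says is unaffected.
// The HTTP permission policy below is matched on the request path and enforced
// before the resource method (and its body deserialization) is invoked.
// Put this in application.properties (policy names are hypothetical):
//
//   quarkus.http.auth.permission.orders.paths=/orders/*
//   quarkus.http.auth.permission.orders.policy=admin-only
//   quarkus.http.auth.policy.admin-only.roles-allowed=admin
```

From a defender's standpoint, the configuration-based policy is the compensating control while an upgrade is scheduled: it rejects unauthorized requests to `/orders/*` at the HTTP layer, so the JSON body is never handed to the deserializer. Logging of 401/403 responses on the protected paths gives a simple signal for attempts against the affected resource.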
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Quarkus | Quarkus | < 2.13.9 |
| Quarkus | Quarkus | >= 3.0.0, < 3.2.9 |
| Quarkus | Quarkus | 2.13.9 |
| Quarkus | Quarkus | 3.2.9 |
References
- https://access.redhat.com/security/cve/CVE-2023-6267 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2251155 (Issue Tracking, Vendor Advisory)
Source: NVD / NIST