Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-5675

Good to know:

icon

Date: April 25, 2024

A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.

Language: Java

Severity Score

Related Resources (11)

https://github.com/quarkusio/quarkus/commit/d802748128cd1932279b7c334f3792d481814ef5
https://github.com/quarkusio/quarkus/commit/b7dd69a3012a872f2846d73072ff232e07da74dd
https://bugzilla.redhat.com/show_bug.cgi?id=2245197
https://nvd.nist.gov/vuln/detail/CVE-2023-5675
https://access.redhat.com/security/cve/CVE-2023-5675
https://github.com/quarkusio/quarkus/commit/bf2ef6c504b989f74ceb5947d823b6ab208f8b6e
https://access.redhat.com/errata/RHSA-2024:0494
https://access.redhat.com/errata/RHSA-2024:0495
https://github.com/quarkusio/quarkus
https://github.com/quarkusio/quarkus/commit/c026b1cf6f2e07cc50b65c824d922319248d9341
https://www.mend.io/vulnerability-database/CVE-2023-5675

Severity Score

Weakness Type (CWE)

Authentication Issues

CWE-287

Improper Authorization

CWE-285

Top Fix

icon

Upgrade Version

Upgrade to version io.quarkus:quarkus-resteasy:3.6.8, io.quarkus:quarkus-resteasy-deployment:3.6.8, io.quarkus:quarkus-resteasy-reactive:3.6.8, io.quarkus:quarkus-resteasy-reactive-common-deployment:3.6.8, io.quarkus:quarkus-security:3.6.8, io.quarkus:quarkus-security-deployment:3.6.8, io.quarkus:quarkus-security-runtime-spi:3.6.8, io.quarkus.resteasy.reactive:resteasy-reactive-common-processor:3.6.8

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us