[MAVEN:GHSA-MVXP-3J62-JQR6] Infinispan Rest API Does Not Enforce Auth Constraints

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.

Package	Affected Version
pkg:maven/org.infinispan/infinispan-server-core	< 9.0.0

Package	Fixed Version
pkg:maven/org.infinispan/infinispan-server-core	= 9.0.0

ID: MAVEN:GHSA-MVXP-3J62-JQR6
Severity: moderate
URL: https://github.com/advisories/GHSA-mvxp-3j62-jqr6
Published: 2022-05-13T01:36:52
(2 years ago)
Modified: 2023-07-31T22:13:09
(13 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2017-2638
			https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638
			https://issues.jboss.org/browse/ISPN-7485
			http://rhn.redhat.com/errata/RHSA-2017-1097.html
			http://www.securityfocus.com/bid/97964
			https://github.com/infinispan/infinispan/pull/4936
			https://github.com/advisories/GHSA-mvxp-3j62-jqr6

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.infinispan/infinispan-server-core	org.infinispan	infinispan-server-core	< 9.0.0
Fixed	pkg:maven/org.infinispan/infinispan-server-core	org.infinispan	infinispan-server-core	= 9.0.0

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date