Redhat » Build Of Quarkus : Security Vulnerabilities, CVEs, (Information Leak)

CVE-2023-6393

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.
Max CVSS
5.3
EPSS Score
0.05%
Published
2023-12-06
Updated
2023-12-12

CVE-2023-0044

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-02-23
Updated
2023-03-03
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close