apk package
wolfi/infinispan-15.2
pkg:apk/wolfi/infinispan-15.2
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-5384 | — | < 15.2.6-r1 | 15.2.6-r1 | Dec 18, 2023 | A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. | ||
| CVE-2023-5236 | — | < 15.2.6-r1 | 15.2.6-r1 | Dec 18, 2023 | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of | ||
| CVE-2023-3629 | — | < 15.2.6-r1 | 15.2.6-r1 | Dec 18, 2023 | A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | ||
| CVE-2023-3628 | — | < 15.2.6-r1 | 15.2.6-r1 | Dec 18, 2023 | A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. |
- CVE-2023-5384Dec 18, 2023affected < 15.2.6-r1fixed 15.2.6-r1
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
- CVE-2023-5236Dec 18, 2023affected < 15.2.6-r1fixed 15.2.6-r1
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of
- CVE-2023-3629Dec 18, 2023affected < 15.2.6-r1fixed 15.2.6-r1
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
- CVE-2023-3628Dec 18, 2023affected < 15.2.6-r1fixed 15.2.6-r1
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Page 2 of 2