CVE-2023-4853

HIGH EPSS 64.8%
Published Sep 20, 20232y ago · Modified Jun 17, 20261w ago
8.1 CVSS 3.1
High
Find Similar
Published Sep 20, 2023 2y ago
Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

CVSS Details

Base Score
8.1
Exploitability
2.2
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
64.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-148
CWE-863 Incorrect Authorization Authorization

Affected Products 18

VendorProductVersionRange
quarkusquarkus* <2.16.11
quarkusquarkus*≥3.2.0  –  <3.2.6
quarkusquarkus*≥3.3.0  –  <3.3.3
redhatbuild_of_optaplanner8.0any
redhatbuild_of_quarkus*≥2.13.0  –  <2.13.8
redhatdecision_manager7.0any
redhatintegration_camel_k* <1.10.2
redhatintegration_camel_quarkus*any
redhatintegration_service_registry*any
redhatjboss_middleware1any
redhatjboss_middleware_text-only_advisories1.0any
redhatopenshift_serverless*any
redhatopenshift_serverless1.0any
redhatprocess_automation_manager7.0any
redhatopenshift_container_platform4.10any
redhatopenshift_container_platform4.11any
redhatopenshift_container_platform4.12any
redhatenterprise_linux8.0any

References 12

  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:5170
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:5310
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:5337
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:5446
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:5479
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:5480
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:6107
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:6112
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2023:7653
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/security/cve/CVE-2023-4853
    MitigationVendor Advisory
  • access.redhat.com https://access.redhat.com/security/vulnerabilities/RHSB-2023-002
    ExploitMitigationTechnical DescriptionVendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2238034
    Issue TrackingVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.