A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-20T09:47:32.150Z

Updated: 2024-11-23T01:02:43.871Z

Reserved: 2023-09-08T16:10:38.379Z

Link: CVE-2023-4853

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-20T10:15:14.947

Modified: 2024-11-21T08:36:06.910

Link: CVE-2023-4853

cve-icon Redhat

Severity : Important

Publid Date: 2023-09-08T00:00:00Z

Links: CVE-2023-4853 - Bugzilla