A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.
History

Tue, 22 Oct 2024 01:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-25T15:44:55.582Z

Updated: 2024-11-24T12:04:07.284Z

Reserved: 2023-10-20T04:42:22.947Z

Link: CVE-2023-5675

cve-icon Vulnrichment

Updated: 2024-08-02T08:07:32.514Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-25T16:15:08.570

Modified: 2024-11-21T08:42:14.990

Link: CVE-2023-5675

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-01-24T00:00:00Z

Links: CVE-2023-5675 - Bugzilla