A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
History

Wed, 04 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-502

Sun, 24 Nov 2024 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-280

Fri, 22 Nov 2024 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-502

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-25T18:12:44.771Z

Updated: 2024-12-04T07:16:20.011Z

Reserved: 2023-11-23T06:34:22.287Z

Link: CVE-2023-6267

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-25T19:15:08.260

Modified: 2024-12-04T08:15:05.740

Link: CVE-2023-6267

cve-icon Redhat

Severity : Important

Publid Date: 2024-01-24T00:00:00Z

Links: CVE-2023-6267 - Bugzilla