A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-12-06T16:58:54.230Z
Updated: 2024-11-23T03:35:49.598Z
Reserved: 2023-11-30T03:30:16.241Z
Link: CVE-2023-6393
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-06T17:15:07.377
Modified: 2024-11-21T08:43:46.267
Link: CVE-2023-6393
Redhat