A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-06T16:58:54.230Z

Updated: 2024-11-23T03:35:49.598Z

Reserved: 2023-11-30T03:30:16.241Z

Link: CVE-2023-6393

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-06T17:15:07.377

Modified: 2024-11-21T08:43:46.267

Link: CVE-2023-6393

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-15T00:00:00Z

Links: CVE-2023-6393 - Bugzilla