A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NQuarkus
APPQuarkus< 3.6.0Red Hat Build Of Quarkus
APPRedhatwszystkie wersje
Related vulnerabilities
Quarkus WebAuthn: pominięcie uwierzytelnienia przez domyślne endpointy REST
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable t...
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictab...
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may ...
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1...