CVE-2023-0044

Published: Feb 23, 2023

Modified: Mar 12, 2025

PUBLISHED

Description

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

Vendor	Product	Versions
n/a	quarkus-vertx-http	affected `1.11.7`

References

https://access.redhat.com/security/cve/CVE-2023-0044

https://bugzilla.redhat.com/show_bug.cgi?id=2158081

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-0044

Description

Affected Products

References