CVE-2023-4853
Published: Sep 20, 2023
Modified: Nov 7, 2025
CVSS v3.1
8.1
Description
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
| Vendor | Product | Versions |
|---|---|---|
Red Hat | Openshift Serverless 1 on RHEL 8 | unaffected 0:1.9.2-3.el8 - < * |
Red Hat | Red Hat build of OptaPlanner 8 | All versions |
Red Hat | Red Hat build of Quarkus 2.13.8.SP2 | unaffected 2.13.8.Final-redhat-00005 - < * |
Red Hat | Red Hat build of Quarkus 2.13.8.SP2 | unaffected 2.13.8.Final-redhat-00005 - < * |
Red Hat | Red Hat build of Quarkus 2.13.8.SP2 | unaffected 2.13.8.Final-redhat-00005 - < * |
Red Hat | Red Hat Camel Extensions for Quarkus 2.13.3-1 | All versions |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.9.2-3 - < * |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.30.1-1 - < * |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.30.1-1 - < * |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.9.2-3 - < * |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.30.1-1 - < * |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.30.1-1 - < * |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.30.1-1 - < * |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.30.0-5 - < * |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.30.0-6 - < * |
Red Hat | Red Hat OpenShift Serverless 1.30 | unaffected 1.30.0-6 - < * |
Red Hat | RHEL-8 based Middleware Containers | unaffected 7.13.4-3 - < * |
Red Hat | RHEL-8 based Middleware Containers | unaffected 7.13.4-2 - < * |
Red Hat | RHEL-8 based Middleware Containers | unaffected 7.13.4-2 - < * |
Red Hat | RHEL-8 based Middleware Containers | unaffected 7.13.4-3 - < * |
Red Hat | RHEL-8 based Middleware Containers | unaffected 7.13.4-3 - < * |
Red Hat | RHINT Camel-K-1.10.2 | All versions |
Red Hat | RHINT Service Registry 2.5.4 GA | All versions |
Red Hat | RHPAM 7.13.4 async | All versions |
Red Hat | Red Hat Process Automation 7 | All versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now