CVE-2023-5675
Published: Apr 25, 2024
Modified: Nov 20, 2025
CVSS v3.1
6.5
Description
A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.
| Vendor | Product | Versions |
|---|---|---|
Unknown | quarkus-resteasy-reactive | affected 3.2.0 - < 3.2.10.Finalaffected 3.6.0 - < 3.6.9affected 3.7.0 - < 3.7.1unaffected 3.8.0 - < 3.8.* |
Red Hat | Red Hat build of Quarkus 2.13.9.Final | unaffected 2.13.9.Final-redhat-00003 - < * |
Red Hat | Red Hat build of Quarkus 2.13.9.Final | unaffected 2.13.9.Final-redhat-00003 - < * |
Red Hat | Red Hat build of Quarkus 3.2.9.Final | unaffected 3.2.9.Final-redhat-00003 - < * |
Red Hat | Red Hat build of Quarkus 3.2.9.Final | unaffected 3.2.9.Final-redhat-00003 - < * |
Red Hat | A-MQ Clients 2 | All versions |
Red Hat | Cryostat 2 | All versions |
Red Hat | OpenShift Serverless | All versions |
Red Hat | Red Hat build of Apicurio Registry 2 | All versions |
Red Hat | Red Hat build of OptaPlanner 8 | All versions |
Red Hat | Red Hat Fuse 7 | All versions |
Red Hat | Red Hat Integration Camel K 1 | All versions |
Red Hat | Red Hat Integration Camel Quarkus 2 | All versions |
Red Hat | Red Hat JBoss Enterprise Application Platform 8 | All versions |
Red Hat | Red Hat Process Automation 7 | All versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now