cve/2023/CVE-2023-3628.md

### [CVE-2023-3628](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3628)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208.4.4&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%206&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Critical%20Step%20in%20Authentication&color=brighgreen)

### Description

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-3628](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3628)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208.4.4&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%206&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Critical%20Step%20in%20Authentication&color=brighgreen)`

			`### Description`

			`A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`