CVE-2023-6267

critical

Description

A flaw was found in how Quarkus processes JSON request payloads. If annotation-based security (for example @RolesAllowed on a JAX-RS resource method) is used to secure a REST resource, the JSON body that the resource consumes is processed (deserialized) before the security constraints are evaluated and applied, so an unauthenticated or unauthorized request can still drive the JSON deserializer. This does not happen with configuration-based security (HTTP permission policies declared in application.properties), which is enforced at the HTTP layer before the request body is read.
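The pattern the advisory describes, as an added illustration that is not code from the advisory or from the Quarkus project: an annotation-secured resource consuming JSON, the configuration-based policy that the advisory says is unaffected, and a probe for checking which order a deployment enforces. The package, path, role name and request type are assumptions; the Jakarta imports assume Quarkus 3.x (2.13 uses the javax namespace), and the probe interpretation assumes the default exception mapping for malformed JSON.

```java
// Added example for CVE-2023-6267; not code from the advisory or the Quarkus project.
// Assumed: Quarkus 3.x (jakarta.* namespace), hypothetical path /api/admin/users,
// hypothetical role "admin" and hypothetical request type CreateUserRequest.
package org.example.security;

import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;

@Path("/api/admin/users")
public class AdminUserResource {

    // Hypothetical request body. On an affected version, an unauthenticated POST
    // still causes this object to be deserialized from the JSON body before the
    // @RolesAllowed check below rejects the request.
    public static class CreateUserRequest {
        public String username;
        public String role;
    }

    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @RolesAllowed("admin")   // annotation-based security: applied in the JAX-RS layer
    public Response create(CreateUserRequest req) {
        // Business logic omitted; the point is the ordering above this method.
        return Response.status(Response.Status.CREATED).build();
    }

    // Configuration-based security, which the advisory says is not affected because it is
    // enforced at the HTTP layer before the body is read. Add to
    // src/main/resources/application.properties (policy name "admin-only" is assumed):
    //
    //   quarkus.http.auth.permission.admin.paths=/api/admin/*
    //   quarkus.http.auth.permission.admin.policy=admin-only
    //   quarkus.http.auth.policy.admin-only.roles-allowed=admin
    //
    // Probe (constructed): an unauthenticated POST with deliberately malformed JSON.
    //
    //   curl -s -o /dev/null -w '%{http_code}\n' -X POST \
    //        -H 'Content-Type: application/json' \
    //        --data '{"username": ' http://localhost:8080/api/admin/users
    //
    // A parse-error response (400 with default exception mapping) means the body was
    // deserialized before authorization; 401 means the request was rejected first.
}
```

Applying the HTTP permission policy is defence in depth, not a substitute for upgrading: the annotation stays as the authoritative check on the method, and the policy ensures no body is read from callers who would be rejected anyway.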

References

https://bugzilla.redhat.com/show_bug.cgi?id=2251155

https://access.redhat.com/security/cve/CVE-2023-6267

https://access.redhat.com/errata/RHSA-2024:0495

https://access.redhat.com/errata/RHSA-2024:0494

Details

Source: Mitre, NVD

Published: 2024-01-25

Updated: 2024-12-04

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical