Vulnerabilities > CVE-2023-6394 - Missing Authorization vulnerability in multiple products

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

quarkus

redhat

CWE-862

critical

NVD

Published: 2023-12-09

Updated: 2023-12-20

Summary

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.

Vulnerable Configurations

Part	Description	Count
Application	Quarkus Quarkus Quarkus 0.0.1 Quarkus Quarkus 0.1.0 Quarkus Quarkus 0.2.0 Quarkus Quarkus 0.3.0 Quarkus Quarkus 0.4.0 Quarkus Quarkus 0.5.0 Quarkus Quarkus 0.6.0 Quarkus Quarkus 0.7.0 Quarkus Quarkus 0.8.0 Quarkus Quarkus 0.9.0 Quarkus Quarkus 0.9.1 Quarkus Quarkus 0.10.0 Quarkus Quarkus 0.11.0 Quarkus Quarkus 0.12.0 Quarkus Quarkus 0.13.0 Quarkus Quarkus 0.13.1 Quarkus Quarkus 0.13.2 Quarkus Quarkus 0.13.3 Quarkus Quarkus 0.14.0 Quarkus Quarkus 0.15.0 Quarkus Quarkus 0.16.0 Quarkus Quarkus 0.16.1 Quarkus Quarkus 0.17.0 Quarkus Quarkus 0.18.0 Quarkus Quarkus 0.19.0 Quarkus Quarkus 0.19.1 Quarkus Quarkus 0.20.0 Quarkus Quarkus 0.21.0 Quarkus Quarkus 0.21.1 Quarkus Quarkus 0.21.2 Quarkus Quarkus 0.22.0 Quarkus Quarkus 0.23.0 Quarkus Quarkus 0.23.1 Quarkus Quarkus 0.23.2 Quarkus Quarkus 0.24.0 Quarkus Quarkus 0.25.0 Quarkus Quarkus 0.26.0 Quarkus Quarkus 0.26.1 Quarkus Quarkus 0.27.0 Quarkus Quarkus 0.28.0 Quarkus Quarkus 0.28.1 Quarkus Quarkus 1.0.0 Quarkus Quarkus 1.0.1 Quarkus Quarkus 1.1.0 Quarkus Quarkus 1.1.1 Quarkus Quarkus 1.2.0 Quarkus Quarkus 1.2.1 Quarkus Quarkus 1.3.0 Quarkus Quarkus 1.3.1 Quarkus Quarkus 1.3.2 Quarkus Quarkus 1.3.3 Quarkus Quarkus 1.3.4 Quarkus Quarkus 1.4.0 Quarkus Quarkus 1.4.1 Quarkus Quarkus 1.4.2 Quarkus Quarkus 1.5.0 Quarkus Quarkus 1.5.1 Quarkus Quarkus 1.5.2 Quarkus Quarkus 1.6.0 Quarkus Quarkus 1.6.1 Quarkus Quarkus 1.7.0 Quarkus Quarkus 1.7.1 Quarkus Quarkus 1.7.2 Quarkus Quarkus 1.7.3 Quarkus Quarkus 1.7.4 Quarkus Quarkus 1.7.5 Quarkus Quarkus 1.7.6 Quarkus Quarkus 1.8.0 Quarkus Quarkus 1.8.1 Quarkus Quarkus 1.8.2 Quarkus Quarkus 1.8.3 Quarkus Quarkus 1.9.0 Quarkus Quarkus 1.9.1 Quarkus Quarkus 1.9.2 Quarkus Quarkus 1.10.0 Quarkus Quarkus 1.10.1 Quarkus Quarkus 1.10.2 Quarkus Quarkus 1.10.3 Quarkus Quarkus 1.10.4 Quarkus Quarkus 1.10.5 Quarkus Quarkus 1.11.0 Quarkus Quarkus 1.11.1 Quarkus Quarkus 1.11.2 Quarkus Quarkus 1.11.3 Quarkus Quarkus 1.11.4 Quarkus Quarkus 1.11.5 Quarkus Quarkus 1.11.6 Quarkus Quarkus 1.11.7 Quarkus Quarkus 1.12.0 Quarkus Quarkus 1.12.1 Quarkus Quarkus 1.12.2 Quarkus Quarkus 1.13.0 Quarkus Quarkus 1.13.1 Quarkus Quarkus 1.13.2 Quarkus Quarkus 1.13.3 Quarkus Quarkus 1.13.4 Quarkus Quarkus 1.13.5 Quarkus Quarkus 1.13.6 Quarkus Quarkus 1.13.7 Quarkus Quarkus 2.0.0 Quarkus Quarkus 2.0.1 Quarkus Quarkus 2.0.2 Quarkus Quarkus 2.0.3 Quarkus Quarkus 2.1.0 Quarkus Quarkus 2.1.1 Quarkus Quarkus 2.1.2 Quarkus Quarkus 2.1.3 Quarkus Quarkus 2.1.4 Quarkus Quarkus 2.2.0 Quarkus Quarkus 2.2.1 Quarkus Quarkus 2.2.2 Quarkus Quarkus 2.2.3 Quarkus Quarkus 2.2.4 Quarkus Quarkus 2.2.5 Quarkus Quarkus 2.3.0 Quarkus Quarkus 2.3.1 Quarkus Quarkus 2.4.0 Quarkus Quarkus 2.4.1 Quarkus Quarkus 2.4.2 Quarkus Quarkus 2.5.0 Quarkus Quarkus 2.5.1 Quarkus Quarkus 2.5.2 Quarkus Quarkus 2.5.3 Quarkus Quarkus 2.5.4 Quarkus Quarkus 2.6.0 Quarkus Quarkus 2.6.1 Quarkus Quarkus 2.6.2 Quarkus Quarkus 2.6.3 Quarkus Quarkus 2.7.0 Quarkus Quarkus 2.7.1 Quarkus Quarkus 2.7.2 Quarkus Quarkus 2.7.3 Quarkus Quarkus 2.7.4 Quarkus Quarkus 2.7.5 Quarkus Quarkus 2.8.0 Quarkus Quarkus 2.8.1 Quarkus Quarkus 2.8.2 Quarkus Quarkus 2.8.3 Quarkus Quarkus 2.9.0 Quarkus Quarkus 2.9.1 Quarkus Quarkus 2.9.2 Quarkus Quarkus 2.10.0 Quarkus Quarkus 2.10.1 Quarkus Quarkus 2.10.2 Quarkus Quarkus 2.10.3 Quarkus Quarkus 2.10.4 Quarkus Quarkus 2.11.0 Quarkus Quarkus 2.11.1 Quarkus Quarkus 2.11.2 Quarkus Quarkus 2.11.3 Quarkus Quarkus 2.12.0 Quarkus Quarkus 2.12.1 Quarkus Quarkus 2.12.2 Quarkus Quarkus 2.12.3 Quarkus Quarkus 2.13.0 Quarkus Quarkus 2.13.1 Quarkus Quarkus 2.13.2 Quarkus Quarkus 2.13.3 Quarkus Quarkus 2.13.4 Quarkus Quarkus 2.13.5 Quarkus Quarkus 2.13.6 Quarkus Quarkus 2.13.7 Quarkus Quarkus 2.13.8 Quarkus Quarkus 2.13.9 Quarkus Quarkus 2.14.0 Quarkus Quarkus 2.14.1 Quarkus Quarkus 2.14.2 Quarkus Quarkus 2.14.3 Quarkus Quarkus 2.15.0 Quarkus Quarkus 2.15.1 Quarkus Quarkus 2.15.2 Quarkus Quarkus 2.15.3 Quarkus Quarkus 2.16.0 Quarkus Quarkus 2.16.1 Quarkus Quarkus 2.16.2 Quarkus Quarkus 2.16.3 Quarkus Quarkus 2.16.4 Quarkus Quarkus 2.16.5 Quarkus Quarkus 2.16.6 Quarkus Quarkus 2.16.7 Quarkus Quarkus 2.16.8 Quarkus Quarkus 2.16.9 Quarkus Quarkus 2.16.10 Quarkus Quarkus 2.16.11 Quarkus Quarkus 3.0.0 Quarkus Quarkus 3.0.1 Quarkus Quarkus 3.0.2 Quarkus Quarkus 3.0.3 Quarkus Quarkus 3.0.4 Quarkus Quarkus 3.1.0 Quarkus Quarkus 3.1.1 Quarkus Quarkus 3.1.2 Quarkus Quarkus 3.1.3 Quarkus Quarkus 3.2.0 Quarkus Quarkus 3.2.1 Quarkus Quarkus 3.2.2 Quarkus Quarkus 3.2.3 Quarkus Quarkus 3.2.4 Quarkus Quarkus 3.2.5 Quarkus Quarkus 3.2.6 Quarkus Quarkus 3.2.7 Quarkus Quarkus 3.2.8 Quarkus Quarkus 3.2.9 Quarkus Quarkus 3.3.0 Quarkus Quarkus 3.3.3 Quarkus Quarkus 3.4.0 Quarkus Quarkus 3.4.1 Quarkus Quarkus 3.4.2 Quarkus Quarkus 3.4.3 Quarkus Quarkus 3.5.0 Quarkus Quarkus 3.5.1 Quarkus Quarkus 3.5.2 Quarkus Quarkus 3.5.3	282
Application	Redhat Redhat Build OF Quarkus -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References