CVE-2023-4853
Quarkus: http security policy bypass
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
| CWE | CWE-148 |
| Vendor | red hat |
| Product | openshift serverless 1 on rhel 8 |
| Published | Sep 20, 2023 |
| Last Updated | Nov 7, 2025 |
Stay Ahead of the Next One
Get instant alerts for red hat openshift serverless 1 on rhel 8
Be the first to know when new high vulnerabilities affecting red hat openshift serverless 1 on rhel 8 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Red Hat / Openshift Serverless 1 on RHEL 8
All versions affected Red Hat / Red Hat build of OptaPlanner 8
All versions affected Red Hat / Red Hat build of Quarkus 2.13.8.SP2
All versions affected Red Hat / Red Hat build of Quarkus 2.13.8.SP2
All versions affected Red Hat / Red Hat build of Quarkus 2.13.8.SP2
All versions affected Red Hat / Red Hat Camel Extensions for Quarkus 2.13.3-1
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / Red Hat OpenShift Serverless 1.30
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHEL-8 based Middleware Containers
All versions affected Red Hat / RHINT Camel-K-1.10.2
All versions affected Red Hat / RHINT Service Registry 2.5.4 GA
All versions affected Red Hat / RHPAM 7.13.4 async
All versions affected Red Hat / Red Hat Process Automation 7
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5170 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5310 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5337 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5446 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5479 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5480 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6107 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:6112 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7653 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-4853 access.redhat.com: https://access.redhat.com/security/vulnerabilities/RHSB-2023-002 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2238034