CVE-2023-6267
Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.
CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
| CWE | CWE-755 |
| Vendor | red hat |
| Product | red hat build of quarkus 2.13.9.final |
| Published | Jan 25, 2024 |
| Last Updated | Nov 20, 2025 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat build of quarkus 2.13.9.final
Be the first to know when new high vulnerabilities affecting red hat red hat build of quarkus 2.13.9.final are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
Affected Versions
Red Hat / Red Hat build of Quarkus 2.13.9.Final
All versions affected Red Hat / Red Hat build of Quarkus 3.2.9.Final
All versions affected Red Hat / Red Hat build of OptaPlanner 8
All versions affected Red Hat / Red Hat Fuse 7
All versions affected Red Hat / Red Hat Integration Camel K 1
All versions affected Red Hat / Red Hat Integration Camel Quarkus 2
All versions affected