VDB
CVE-2023-6393
CVE-2023-6393
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor
EPSS 0.20% · 42.1th percentile
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.20%
42.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | io.quarkus:quarkus-cache | 3.3.0, 3.2.0, 3.3.0.CR1 |
| Red Hat | Red Hat build of Quarkus 2.13.9.Final | 2.13.9.Final-redhat-00002, * |
| Red Hat | Red Hat build of Quarkus | |
| redhat | build_of_quarkus |
Timeline
- Dec 6, 2023 CVE Published
- Dec 7, 2023 EPSS Score
- Dec 30, 2023 PoC Published
- Jan 5, 2024 EPSS Score
- Feb 4, 2024 EPSS Score
- Mar 4, 2024 EPSS Score
- Apr 3, 2024 EPSS Score
- May 2, 2024 EPSS Score
- May 31, 2024 EPSS Score
- Jun 30, 2024 EPSS Score
- Jul 29, 2024 EPSS Score
- Aug 28, 2024 EPSS Score
References
- RHSA-2023:7700 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-6393 vdb
- RHBZ#2253113 issue
- https://nvd.nist.gov/vuln/detail/CVE-2023-6393 advisory
- https://github.com/quarkusio/quarkus/issues/37078 url
- https://github.com/quarkusio/quarkus/pull/37077 url
- https://github.com/quarkusio/quarkus/commit/d9ace85caec2d8497b1a2c48b8d52bb163f04adf url
- https://github.com/quarkusio/quarkus package