CVE-2023-6394 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-6394 PUBLISHED CVSS 7.400000095367432 HIGH

Authorization bypass in Quarkus

EPSS 0.54% · 67.3th percentile

Risk Scores

CVSS v3.1

7.400000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.54%

67.3th percentile

Affected Products

Vendor	Product	Versions
quarkus	quarkus	0
Maven	io.quarkus:quarkus-smallrye-graphql-client	2.14.0, 0
Red Hat	Red Hat build of Quarkus 2.13.9.Final	2.13.9.Final-redhat-00002
redhat	build_of_quarkus
Red Hat	Red Hat build of Quarkus 3.2.9.Final	3.2.9.Final-redhat-00002

Timeline

Dec 9, 2023 CVE Published
Dec 9, 2023 EPSS Score
Jan 7, 2024 EPSS Score
Feb 5, 2024 EPSS Score
Mar 4, 2024 EPSS Score
Apr 2, 2024 EPSS Score
May 1, 2024 EPSS Score
May 30, 2024 EPSS Score
Jun 28, 2024 EPSS Score
Jul 27, 2024 EPSS Score
Aug 24, 2024 EPSS Score
Sep 22, 2024 EPSS Score

References

RHSA-2023:7612 vendor-advisory
RHSA-2023:7700 vendor-advisory
https://access.redhat.com/security/cve/CVE-2023-6394 vdb
RHBZ#2252197 issue
https://nvd.nist.gov/vuln/detail/CVE-2023-6394 advisory
https://github.com/quarkusio/quarkus/pull/36961 url
https://github.com/quarkusio/quarkus package
https://github.com/quarkusio/quarkus/releases/tag/2.13.9.Final url
https://github.com/quarkusio/quarkus/releases/tag/3.5.3 url

Open in Interactive Console →