CVE-2022-0981 A flaw was found in Quarkus, the popular REST client, which can leak state and permissions from one web request to another.

This issue could be exploited remotely by injecting malicious requests into the application’s communication channels. In certain configurations, it’s also possible for an authenticated low-privilege user to escalate their privileges to a higher-level role.

To learn more about this vulnerability and download the CVE number, check out the Quarkus security advisory.

Quarkus is an open source content management system that’s licensed under the GNU Affero General Public License (AGPL).

Quarkus was found to have a Cross-Site Request Forgery (CSRF) vulnerability. An attacker could exploit this weakness by sending a malicious request from the victim’s browser to the application’s server, made to look like a legitimate request sent by the user.

Summary of Quarkus Security Advisory

An attacker could misuse the Cross-Site Request Forgery (CSRF) vulnerability in the Quarkus Apache2 module.
Quarkus is an open source Content Management System under the GNU Affero General Public License (AGPL). Quarkus was found to have a CSRF vulnerability that could be exploited by malicious requests sent from a victim's browser to the application's server.
