CVE-2023-5675

6.5 MEDIUM

Published: April 25, 2024 Modified: April 15, 2026

Description

A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:0494

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0495

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-5675

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2245197

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0494

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2024:0495

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/security/cve/CVE-2023-5675

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=2245197

Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.5 / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-285

Related CVEs

CVE-2026-6398 N/A

CVE-2026-40261 8.8

CVE-2026-40186 6.1

CVE-2026-40176 7.8

CVE-2026-40173 9.4