CVE-2023-0044: XSS

Q: What is the vulnerability ID of this flaw?

The vulnerability ID of this flaw is CVE-2023-0044.

Q: What is the severity level of CVE-2023-0044?

CVE-2023-0044 has a severity level of medium.

Q: How does this vulnerability affect Quarkus?

This vulnerability affects Quarkus if the Quarkus Form Authentication session cookie Path attribute is set to '/'.

Q: What is the potential risk of this vulnerability?

The potential risk of this vulnerability is cross-site attack which may lead to information disclosure.

Q: How can the Quarkus CSRF Prevention feature help prevent this vulnerability?

The Quarkus CSRF Prevention feature can prevent the cross-site attack and mitigate the risk of information disclosure.

Published Jan 4, 2023

Updated

A flaw was found in Quarkus. If the Quarkus Form Authentication session cookie Path attribute is set to `/`, then a cross-site attack may be initiated, which might lead to information disclosure.

Affected Software

3 affected componentsFixes available

redhat/quarkus-vertx-http<2.13.7

2.13.7

Quarkus Quarkus<2.13.7

redhat Build Of Quarkus

Remediation

Information

This attack can be prevented with the Quarkus CSRF Prevention feature.

Event History

Jan 4, 2023

CVE Published

12:00 AM

Data Sourced

12:00 AM

RemedyDescriptionSeverityAffected Software

Feb 23, 2023

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

DescriptionWeakness

Frequently Asked Questions

What is the vulnerability ID of this flaw?

The vulnerability ID of this flaw is CVE-2023-0044.

What is the severity level of CVE-2023-0044?

CVE-2023-0044 has a severity level of medium.

How does this vulnerability affect Quarkus?

This vulnerability affects Quarkus if the Quarkus Form Authentication session cookie Path attribute is set to '/'.

What is the potential risk of this vulnerability?

The potential risk of this vulnerability is cross-site attack which may lead to information disclosure.

How can the Quarkus CSRF Prevention feature help prevent this vulnerability?

The Quarkus CSRF Prevention feature can prevent the cross-site attack and mitigate the risk of information disclosure.

CVSS Score

5.3Medium

Medium Severity

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Security Metrics

Risk Score39

Severitymedium(6.1)

CWE

79352

Timeline

PublishedJan 4, 2023

Updated

References

Parent Advisories

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.