CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10771 – infinispan-server-rest: Actions with effects should not be permitted via GET requests using REST API
https://notcve.org/view.php?id=CVE-2020-10771
27 May 2021 — A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack. Se ha encontrado un fallo en Infinispan versión 10, donde es posible llevar a cabo varias acciones que podrían tener efectos secundarios utilizando peticiones GET. Este fallo permite a un atacante llevar a cabo un ataque de tipo cross-site request forgery (CSRF) A flaw was found in infin... • https://bugzilla.redhat.com/show_bug.cgi?id=1846293 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-31917 – Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism
https://notcve.org/view.php?id=CVE-2021-31917
27 May 2021 — A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en Red Hat DataGrid versiones 8.x (8.0.0, 8.0.1, 8.1.0 y 8.1.1) e Infinispan (10.0.0 a 12.0.0). Un atacante podría omitir la autenticación en tod... • https://access.redhat.com/security/cve/cve-2021-31917 • CWE-287: Improper Authentication •