What the vulnerability does

01Description

A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.

Key dates

02Disclosure timeline

March 23, 2022 CVE published
August 2, 2024 Record updated