{"data":{"id":"ed7cc9ac-c32b-4072-be9c-e552cfbc67e8","title":"CVE-2023-5675: A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the","summary":"CVE-2023-5675 is a security flaw in Quarkus (a Java framework for building applications) in which authorization is not enforced on RestEasy Classic or Reactive JAX-RS endpoint methods that are declared in an abstract class or customized by Quarkus extensions using an annotation processor, when that authorization is enabled through certain security configuration settings. As a result, unauthorized users could potentially access API endpoints that were expected to require authentication or specific permissions.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-5675","publishedAt":"2024-04-25T20:15:08.570Z","cveId":"CVE-2023-5675","cweIds":["CWE-285"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Quarkus","Red Hat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00099,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.65,"researchCategory":null,"atlasIds":null}}