CVE-2023-6393: 
Java vulnerability analysis and mitigation

A vulnerability (CVE-2023-6393) was discovered in the Quarkus Cache Runtime. The flaw affects request processing when utilizing a Uni cached with @CacheResult annotation. The issue was disclosed on December 6, 2023, and affects Red Hat build of Quarkus. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) (Red Hat CVE).

The vulnerability occurs when request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial 'completion' context. In this scenario, the processing switches to the cached Uni context instead of the request context. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with high attack complexity and low privileges required (NVD).

When exploited, this vulnerability could allow a malicious user to gain access to sensitive data through a POST request that returns a response intended for another user. This occurs when the cached Uni context contains sensitive information that should not be accessible to unauthorized users (Red Hat CVE).

Red Hat has addressed this vulnerability in Red Hat build of Quarkus 2.13.9 through the security advisory RHSA-2023:7700. Users are advised to update to the fixed version (Red Hat Advisory).