If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
This issue has been addressed in the following products: Red Hat build of Quarkus Via RHSA-2023:0758 https://access.redhat.com/errata/RHSA-2023:0758
This issue has been addressed in the following products: Red Hat build of Quarkus 2.7.7 Via RHSA-2023:1006 https://access.redhat.com/errata/RHSA-2023:1006
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0044