PT-2023-20114 · Vaadin · Vaadin

Kim Leppänen · Published 2023-06-22 · Updated 2023-06-30 · CVE-2023-25499

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Vaadin versions 10.0.0 through 10.0.22
Vaadin versions 11.0.0 through 14.10.0
Vaadin versions 15.0.0 through 22.0.28
Vaadin versions 23.0.0 through 23.3.12
Vaadin versions 24.0.0 through 24.0.5
Vaadin versions 24.1.0.alpha1 through 24.1.0.beta1

Description

When non-visible components are added to the UI on the server side, content is sent to the browser, resulting in potential information disclosure.

Recommendations

For Vaadin versions 10.0.0 through 10.0.22, update to a version outside of this range to mitigate the risk.
For Vaadin versions 11.0.0 through 14.10.0, update to a version outside of this range to mitigate the risk.
For Vaadin versions 15.0.0 through 22.0.28, update to a version outside of this range to mitigate the risk.
For Vaadin versions 23.0.0 through 23.3.12, update to a version outside of this range to mitigate the risk.
For Vaadin versions 24.0.0 through 24.0.5, update to a version outside of this range to mitigate the risk.
For Vaadin versions 24.1.0.alpha1 through 24.1.0.beta1, update to a version outside of this range to mitigate the risk.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2023-25499
GHSA-5F9V-MV5G-JH5Q

Affected Products

Vaadin