PT-2023-20116 · Vaadin · Vaadin
Published 2023-06-22 · Updated 2023-06-30
CVE-2023-25500
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Vaadin versions 10.0.0 through 10.0.23
Vaadin versions 11.0.0 through 14.10.1
Vaadin versions 15.0.0 through 22.0.28
Vaadin versions 23.0.0 through 23.3.13
Vaadin versions 24.0.0 through 24.0.6
Vaadin versions 24.1.0.alpha1 through 24.1.0.rc2
Description
Sending modified requests can cause class and method names to be disclosed in RPC responses, resulting in potential information disclosure.
Recommendations
For Vaadin versions 10.0.0 through 10.0.23, update to a version outside of this range to mitigate the risk.
For Vaadin versions 11.0.0 through 14.10.1, update to a version outside of this range to mitigate the risk.
For Vaadin versions 15.0.0 through 22.0.28, update to a version outside of this range to mitigate the risk.
For Vaadin versions 23.0.0 through 23.3.13, update to a version outside of this range to mitigate the risk.
For Vaadin versions 24.0.0 through 24.0.6, update to a version outside of this range to mitigate the risk.
For Vaadin versions 24.1.0.alpha1 through 24.1.0.rc2, update to a version outside of this range to mitigate the risk.
Fix
Information Disclosure
Related identifiers
Affected products
Vaadin