PT-2023-20116 · Vaadin · Vaadin
Published
2023-06-22
·
Updated
2023-06-30
·
CVE-2023-25500
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Vaadin versions 10.0.0 through 10.0.23
Vaadin versions 11.0.0 through 14.10.1
Vaadin versions 15.0.0 through 22.0.28
Vaadin versions 23.0.0 through 23.3.13
Vaadin versions 24.0.0 through 24.0.6
Vaadin versions 24.1.0.alpha1 through 24.1.0.rc2
Description
The issue results in potential information disclosure of class and method names in RPC responses by sending modified requests.
Recommendations
For Vaadin versions 10.0.0 through 10.0.23, update to a version outside of this range to mitigate the risk.
For Vaadin versions 11.0.0 through 14.10.1, update to a version outside of this range to mitigate the risk.
For Vaadin versions 15.0.0 through 22.0.28, update to a version outside of this range to mitigate the risk.
For Vaadin versions 23.0.0 through 23.3.13, update to a version outside of this range to mitigate the risk.
For Vaadin versions 24.0.0 through 24.0.6, update to a version outside of this range to mitigate the risk.
For Vaadin versions 24.1.0.alpha1 through 24.1.0.rc2, update to a version outside of this range to mitigate the risk.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vaadin