CVE-2020-25633

Published: Sep 18, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

Affected (3)

Products: Redhat: Resteasy · Quarkus: Quarkus

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Resteasy	Before 3.14.0
Redhat Resteasy	From 4.5.0 to 4.5.6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Quarkus Quarkus	Up to 1.11.6

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.