← Back

CVE-2023-25499

nvd nist
Published: Jun 22, 2023Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.

Affected (12)

Products: Vaadin: Vaadin
Vaadin
1 product
Vaadin
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Vaadin
Vaadin
From 10.0.0 to 10.0.23
Vaadin
From 11.0.0 to 14.10.1
Vaadin
From 15.0.0 to 22.0.28
Vaadin
From 23.0.0 to 23.3.13
Vaadin
From 24.0.0 to 24.0.6
Vaadin
Version 24.1.0 alpha1
Vaadin
Version 24.1.0 alpha2
Vaadin
Version 24.1.0 alpha3
Vaadin
Version 24.1.0 alpha4
Vaadin
Version 24.1.0 alpha5
Vaadin
Version 24.1.0 alpha6
Vaadin
Version 24.1.0 beta1

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: security@vaadin.com
Patch
Source: security@vaadin.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.