← Back

CVE-2023-25500

nvd nist
Published: Jun 22, 2023Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.

Affected (16)

Products: Vaadin: Vaadin
Vaadin
1 product
Vaadin
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Vaadin
Vaadin
From 10.0.0 to 10.0.23
Vaadin
From 11.0.0 to 14.10.2
Vaadin
From 15.0.0 to 22.0.28
Vaadin
From 23.0.0 to 23.3.14
Vaadin
From 24.0.0 to 24.0.7
Vaadin
Version 24.1.0 alpha1
Vaadin
Version 24.1.0 alpha2
Vaadin
Version 24.1.0 alpha3
Vaadin
Version 24.1.0 alpha4
Vaadin
Version 24.1.0 alpha5
Vaadin
Version 24.1.0 alpha6
Vaadin
Version 24.1.0 beta1
Vaadin
Version 24.1.0 beta2
Vaadin
Version 24.1.0 beta3
Vaadin
Version 24.1.0 rc1
Vaadin
Version 24.1.0 rc2

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: security@vaadin.com
Patch
Source: security@vaadin.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.