Search criteria
2 vulnerabilities found for Designer by Vaadin
CVE-2021-31410 (GCVE-0-2021-31410)
Vulnerability from nvd – Published: 2021-04-23 16:08 – Updated: 2024-09-17 02:37
VLAI?
Title
Project sources exposure in Vaadin Designer
Summary
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
Severity ?
8.6 (High)
CWE
- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Designer",
"vendor": "Vaadin",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T16:08:30",
"orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"shortName": "Vaadin"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Project sources exposure in Vaadin Designer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@vaadin.com",
"DATE_PUBLIC": "2021-04-22T12:29:00.000Z",
"ID": "CVE-2021-31410",
"STATE": "PUBLIC",
"TITLE": "Project sources exposure in Vaadin Designer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Designer",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "",
"version_value": "4.3.0"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "",
"version_value": "4.6.3 +1"
}
]
}
}
]
},
"vendor_name": "Vaadin"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vaadin.com/security/cve-2021-31410",
"refsource": "MISC",
"url": "https://vaadin.com/security/cve-2021-31410"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"assignerShortName": "Vaadin",
"cveId": "CVE-2021-31410",
"datePublished": "2021-04-23T16:08:31.003622Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-17T02:37:25.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31410 (GCVE-0-2021-31410)
Vulnerability from cvelistv5 – Published: 2021-04-23 16:08 – Updated: 2024-09-17 02:37
VLAI?
Title
Project sources exposure in Vaadin Designer
Summary
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
Severity ?
8.6 (High)
CWE
- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Designer",
"vendor": "Vaadin",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T16:08:30",
"orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"shortName": "Vaadin"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Project sources exposure in Vaadin Designer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@vaadin.com",
"DATE_PUBLIC": "2021-04-22T12:29:00.000Z",
"ID": "CVE-2021-31410",
"STATE": "PUBLIC",
"TITLE": "Project sources exposure in Vaadin Designer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Designer",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "",
"version_value": "4.3.0"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "",
"version_value": "4.6.3 +1"
}
]
}
}
]
},
"vendor_name": "Vaadin"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vaadin.com/security/cve-2021-31410",
"refsource": "MISC",
"url": "https://vaadin.com/security/cve-2021-31410"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"assignerShortName": "Vaadin",
"cveId": "CVE-2021-31410",
"datePublished": "2021-04-23T16:08:31.003622Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-17T02:37:25.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}