Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Designer by Vaadin

    CVE-2021-31410 (GCVE-0-2021-31410)

    Vulnerability from nvd – Published: 2021-04-23 16:08 – Updated: 2024-09-17 02:37
    VLAI
    Title
    Project sources exposure in Vaadin Designer
    Summary
    Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
    CWE
    • CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
    Assigner
    References
    URL Tags
    https://vaadin.com/security/cve-2021-31410 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Vaadin Designer Affected: 4.3.0 , < * (custom)
    Create a notification for this product.
    Date Public
    2021-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:55:53.761Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vaadin.com/security/cve-2021-31410"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Designer",
              "vendor": "Vaadin",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-402",
                  "description": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-23T16:08:30.000Z",
            "orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
            "shortName": "Vaadin"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vaadin.com/security/cve-2021-31410"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Project sources exposure in Vaadin Designer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@vaadin.com",
              "DATE_PUBLIC": "2021-04-22T12:29:00.000Z",
              "ID": "CVE-2021-31410",
              "STATE": "PUBLIC",
              "TITLE": "Project sources exposure in Vaadin Designer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Designer",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003e=",
                                "version_name": "",
                                "version_value": "4.3.0"
                              },
                              {
                                "platform": "",
                                "version_affected": "\u003c=",
                                "version_name": "",
                                "version_value": "4.6.3 +1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Vaadin"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://vaadin.com/security/cve-2021-31410",
                  "refsource": "MISC",
                  "url": "https://vaadin.com/security/cve-2021-31410"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "INTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
        "assignerShortName": "Vaadin",
        "cveId": "CVE-2021-31410",
        "datePublished": "2021-04-23T16:08:31.003Z",
        "dateReserved": "2021-04-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:37:25.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31410 (GCVE-0-2021-31410)

    Vulnerability from cvelistv5 – Published: 2021-04-23 16:08 – Updated: 2024-09-17 02:37
    VLAI
    Title
    Project sources exposure in Vaadin Designer
    Summary
    Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
    CWE
    • CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
    Assigner
    References
    URL Tags
    https://vaadin.com/security/cve-2021-31410 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Vaadin Designer Affected: 4.3.0 , < * (custom)
    Create a notification for this product.
    Date Public
    2021-04-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:55:53.761Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vaadin.com/security/cve-2021-31410"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Designer",
              "vendor": "Vaadin",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-04-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-402",
                  "description": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-23T16:08:30.000Z",
            "orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
            "shortName": "Vaadin"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vaadin.com/security/cve-2021-31410"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Project sources exposure in Vaadin Designer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "",
              "ASSIGNER": "security@vaadin.com",
              "DATE_PUBLIC": "2021-04-22T12:29:00.000Z",
              "ID": "CVE-2021-31410",
              "STATE": "PUBLIC",
              "TITLE": "Project sources exposure in Vaadin Designer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Designer",
                          "version": {
                            "version_data": [
                              {
                                "platform": "",
                                "version_affected": "\u003e=",
                                "version_name": "",
                                "version_value": "4.3.0"
                              },
                              {
                                "platform": "",
                                "version_affected": "\u003c=",
                                "version_name": "",
                                "version_value": "4.6.3 +1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Vaadin"
                  }
                ]
              }
            },
            "configuration": [],
            "credit": [],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
                }
              ]
            },
            "exploit": [],
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://vaadin.com/security/cve-2021-31410",
                  "refsource": "MISC",
                  "url": "https://vaadin.com/security/cve-2021-31410"
                }
              ]
            },
            "solution": [],
            "source": {
              "advisory": "",
              "defect": [],
              "discovery": "INTERNAL"
            },
            "work_around": []
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
        "assignerShortName": "Vaadin",
        "cveId": "CVE-2021-31410",
        "datePublished": "2021-04-23T16:08:31.003Z",
        "dateReserved": "2021-04-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:37:25.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }