Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by flow
CVE-2023-25500 (GCVE-0-2023-25500)
Vulnerability from cvelistv5 – Published: 2023-06-22 12:49 – Updated: 2024-12-05 19:59
VLAI?
Summary
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| vaadin | vaadin |
Affected:
10.0.0 , ≤ 10.0.23
(maven)
Affected: 11.0.0 , ≤ 14.10.1 (maven) Affected: 15.0.0 , ≤ 22.0.8 (maven) Affected: 23.0.0 , ≤ 23.3.13 (maven) Affected: 24.0.0 , ≤ 24.0.6 (maven) Affected: 24.1.0.alpha1 , ≤ 24.1.0.rc2 (maven) |
|||||||
|
|||||||||
Date Public ?
2023-06-22 13:25
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:18.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vaadin/flow/pull/16935"
},
{
"tags": [
"x_transferred"
],
"url": "https://vaadin.com/security/cve-2023-25500"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T19:59:24.082540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T19:59:30.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "vaadin",
"vendor": "vaadin",
"versions": [
{
"lessThanOrEqual": "10.0.23",
"status": "affected",
"version": "10.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "14.10.1",
"status": "affected",
"version": "11.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "22.0.8",
"status": "affected",
"version": "15.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "23.3.13",
"status": "affected",
"version": "23.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "24.0.6",
"status": "affected",
"version": "24.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "24.1.0.rc2",
"status": "affected",
"version": "24.1.0.alpha1",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"product": "flow-server",
"vendor": "flow",
"versions": [
{
"lessThanOrEqual": "1.0.20",
"status": "affected",
"version": "1.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "2.9.2",
"status": "affected",
"version": "1.1.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "9.1.1",
"status": "affected",
"version": "3.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "23.3.12",
"status": "affected",
"version": "23.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "24.0.8",
"status": "affected",
"version": "24.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "24.1.0.rc3",
"status": "affected",
"version": "24.1.0.alpha1",
"versionType": "maven"
}
]
}
],
"datePublic": "2023-06-22T13:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests."
}
],
"value": "Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-22T13:14:15.174Z",
"orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"shortName": "Vaadin"
},
"references": [
{
"url": "https://github.com/vaadin/flow/pull/16935"
},
{
"url": "https://vaadin.com/security/cve-2023-25500"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"assignerShortName": "Vaadin",
"cveId": "CVE-2023-25500",
"datePublished": "2023-06-22T12:49:06.603Z",
"dateReserved": "2023-02-06T20:44:44.569Z",
"dateUpdated": "2024-12-05T19:59:30.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}