Vulnerability-Lookup

WID-SEC-W-2023-3070

Vulnerability from csaf_certbund - Published: 2023-12-06 23:00 - Updated: 2025-10-16 22:00

Summary

Red Hat JBoss A-MQ: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

JBoss A-MQ ist eine Messaging-Plattform.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JBoss A-MQ ist eine Messaging-Plattform.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3070 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3070.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3070 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3070"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2023-12-06",
        "url": "https://access.redhat.com/errata/RHSA-2023:7678"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7697 vom 2023-12-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:7697"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12",
        "url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0705 vom 2024-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2024:0705"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0903 vom 2024-02-20",
        "url": "https://access.redhat.com/errata/RHSA-2024:0903"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2945 vom 2024-05-21",
        "url": "https://access.redhat.com/errata/RHSA-2024:2945"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3354 vom 2024-05-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:3354"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:6536 vom 2024-09-10",
        "url": "https://access.redhat.com/errata/RHSA-2024:6536"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7248128 vom 2025-10-16",
        "url": "https://www.ibm.com/support/pages/node/7248128"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat JBoss A-MQ: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-10-16T22:00:00.000+00:00",
      "generator": {
        "date": "2025-10-17T08:13:25.924+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2023-3070",
      "initial_release_date": "2023-12-06T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-06T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-12-07T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-02-06T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-02-20T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-23T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-09-10T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-10-16T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.2.7",
                "product": {
                  "name": "Atlassian Bamboo \u003c9.2.7",
                  "product_id": "1529586"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.7",
                "product": {
                  "name": "Atlassian Bamboo 9.2.7",
                  "product_id": "1529586-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.3.5",
                "product": {
                  "name": "Atlassian Bamboo \u003c9.3.5",
                  "product_id": "T031324"
                }
              },
              {
                "category": "product_version",
                "name": "9.3.5",
                "product": {
                  "name": "Atlassian Bamboo 9.3.5",
                  "product_id": "T031324-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:9.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.21.18",
                "product": {
                  "name": "Atlassian Bitbucket \u003c7.21.18",
                  "product_id": "T031325"
                }
              },
              {
                "category": "product_version",
                "name": "7.21.18",
                "product": {
                  "name": "Atlassian Bitbucket 7.21.18",
                  "product_id": "T031325-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:7.21.18"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.9.7",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.9.7",
                  "product_id": "T031614"
                }
              },
              {
                "category": "product_version",
                "name": "8.9.7",
                "product": {
                  "name": "Atlassian Bitbucket 8.9.7",
                  "product_id": "T031614-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.9.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.11.6",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.11.6",
                  "product_id": "T031615"
                }
              },
              {
                "category": "product_version",
                "name": "8.11.6",
                "product": {
                  "name": "Atlassian Bitbucket 8.11.6",
                  "product_id": "T031615-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.11.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.12.4",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.12.4",
                  "product_id": "T031616"
                }
              },
              {
                "category": "product_version",
                "name": "8.12.4",
                "product": {
                  "name": "Atlassian Bitbucket 8.12.4",
                  "product_id": "T031616-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.12.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.13.3",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.13.3",
                  "product_id": "T031617"
                }
              },
              {
                "category": "product_version",
                "name": "8.13.3",
                "product": {
                  "name": "Atlassian Bitbucket 8.13.3",
                  "product_id": "T031617-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.13.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.14.2",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.14.2",
                  "product_id": "T031618"
                }
              },
              {
                "category": "product_version",
                "name": "8.14.2",
                "product": {
                  "name": "Atlassian Bitbucket 8.14.2",
                  "product_id": "T031618-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.14.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.3.4",
                "product": {
                  "name": "Atlassian Confluence \u003c8.3.4",
                  "product_id": "T030846"
                }
              },
              {
                "category": "product_version",
                "name": "8.3.4",
                "product": {
                  "name": "Atlassian Confluence 8.3.4",
                  "product_id": "T030846-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.3.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.19.17",
                "product": {
                  "name": "Atlassian Confluence \u003c7.19.17",
                  "product_id": "T031609"
                }
              },
              {
                "category": "product_version",
                "name": "7.19.17",
                "product": {
                  "name": "Atlassian Confluence 7.19.17",
                  "product_id": "T031609-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:7.19.17"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.4.5",
                "product": {
                  "name": "Atlassian Confluence \u003c8.4.5",
                  "product_id": "T031610"
                }
              },
              {
                "category": "product_version",
                "name": "8.4.5",
                "product": {
                  "name": "Atlassian Confluence 8.4.5",
                  "product_id": "T031610-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.4.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.4",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.4",
                  "product_id": "T031611"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.4",
                "product": {
                  "name": "Atlassian Confluence 8.5.4",
                  "product_id": "T031611-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.6.2",
                "product": {
                  "name": "Atlassian Confluence \u003c8.6.2",
                  "product_id": "T031612"
                }
              },
              {
                "category": "product_version",
                "name": "8.6.2",
                "product": {
                  "name": "Atlassian Confluence 8.6.2",
                  "product_id": "T031612-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.6.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.7.1",
                "product": {
                  "name": "Atlassian Confluence \u003c8.7.1",
                  "product_id": "T031613"
                }
              },
              {
                "category": "product_version",
                "name": "8.7.1",
                "product": {
                  "name": "Atlassian Confluence 8.7.1",
                  "product_id": "T031613-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.4.13",
                "product": {
                  "name": "Atlassian Jira \u003c9.4.13",
                  "product_id": "T031606"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.13",
                "product": {
                  "name": "Atlassian Jira 9.4.13",
                  "product_id": "T031606-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:9.4.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Service Management \u003c4.20.28",
                "product": {
                  "name": "Atlassian Jira Service Management \u003c4.20.28",
                  "product_id": "T031607"
                }
              },
              {
                "category": "product_version",
                "name": "Service Management 4.20.28",
                "product": {
                  "name": "Atlassian Jira Service Management 4.20.28",
                  "product_id": "T031607-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Service Management \u003c5.4.12",
                "product": {
                  "name": "Atlassian Jira Service Management \u003c5.4.12",
                  "product_id": "T031608"
                }
              },
              {
                "category": "product_version",
                "name": "Service Management 5.4.12",
                "product": {
                  "name": "Atlassian Jira Service Management 5.4.12",
                  "product_id": "T031608-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira Software"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM QRadar SIEM",
            "product": {
              "name": "IBM QRadar SIEM",
              "product_id": "T021415",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:qradar_siem:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "AMQ Streams 2",
                "product": {
                  "name": "Red Hat Enterprise Linux AMQ Streams 2",
                  "product_id": "T037463",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:amq_streams_2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.6.0 Streams",
                "product": {
                  "name": "Red Hat JBoss A-MQ \u003c2.6.0 Streams",
                  "product_id": "T031506"
                }
              },
              {
                "category": "product_version",
                "name": "2.6.0 Streams",
                "product": {
                  "name": "Red Hat JBoss A-MQ 2.6.0 Streams",
                  "product_id": "T031506-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_amq:2.6.0_streams"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Clients 3",
                "product": {
                  "name": "Red Hat JBoss A-MQ Clients 3",
                  "product_id": "T031509",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_amq:clients_3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Broker \u003c7.12.0",
                "product": {
                  "name": "Red Hat JBoss A-MQ Broker \u003c7.12.0",
                  "product_id": "T034934"
                }
              },
              {
                "category": "product_version",
                "name": "Broker 7.12.0",
                "product": {
                  "name": "Red Hat JBoss A-MQ Broker 7.12.0",
                  "product_id": "T034934-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_amq:broker__7.12.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JBoss A-MQ"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-46751",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2022-46751"
    },
    {
      "cve": "CVE-2023-20873",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-20873"
    },
    {
      "cve": "CVE-2023-2976",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-31582",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-31582"
    },
    {
      "cve": "CVE-2023-33201",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-40167",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-40167"
    },
    {
      "cve": "CVE-2023-41080",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-41080"
    },
    {
      "cve": "CVE-2023-42445",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-42445"
    },
    {
      "cve": "CVE-2023-44387",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-44387"
    },
    {
      "cve": "CVE-2023-44981",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-44981"
    },
    {
      "cve": "CVE-2023-5072",
      "product_status": {
        "known_affected": [
          "T031324",
          "T031610",
          "T031612",
          "67646",
          "T031325",
          "T031611",
          "T031614",
          "T034934",
          "T031613",
          "T037463",
          "1529586",
          "T021415",
          "T030846",
          "T031616",
          "T031506",
          "T031615",
          "T031607",
          "T031618",
          "T031606",
          "T031617",
          "T031609",
          "T031509",
          "T031608"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-5072"
    }
  ]
}

CVE-2023-33201 (GCVE-0-2023-33201)

Vulnerability from cvelistv5 – Published: 2023-07-05 00:00 – Updated: 2024-12-04 15:48

Summary

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bouncycastle.org
	https://github.com/bcgit/bc-java/commit/e8c409a83…
	https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list
	https://security.netapp.com/advisory/ntap-2023082…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.708Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bouncycastle.org"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
          },
          {
            "name": "[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230824-0008/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33201",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T15:47:56.732893Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T15:48:15.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-24T18:06:18.676012",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bouncycastle.org"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        },
        {
          "name": "[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230824-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-33201",
    "datePublished": "2023-07-05T00:00:00",
    "dateReserved": "2023-05-18T00:00:00",
    "dateUpdated": "2024-12-04T15:48:15.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20873 (GCVE-0-2023-20873)

Vulnerability from cvelistv5 – Published: 2023-04-20 00:00 – Updated: 2025-05-05 16:06

Summary

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Security Bypass with Spring Boot when deployed to Cloud Foundry

Assigner

vmware

References

URL

Tags

	https://spring.io/security/cve-2023-20873
	https://security.netapp.com/advisory/ntap-2023060…
	https://spring.io/blog/2023/05/18/spring-boot-2-5…

Impacted products

	Vendor	Product	Version
	n/a	Spring Boot	Affected: Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:21:33.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://spring.io/security/cve-2023-20873"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230601-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-20873",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:27:26.744900Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:06:07.713Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Boot",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Bypass with Spring Boot when deployed to Cloud Foundry",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-28T12:58:21.690Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2023-20873"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230601-0009/"
        },
        {
          "url": "https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2023-20873",
    "datePublished": "2023-04-20T00:00:00.000Z",
    "dateReserved": "2022-11-01T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:06:07.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-44387 (GCVE-0-2023-44387)

Vulnerability from cvelistv5 – Published: 2023-10-05 17:51 – Updated: 2025-02-13 17:13

Title

Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations

Summary

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.

Severity ?

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Assigner

GitHub_M

References

URL

Tags

	https://github.com/gradle/gradle/security/advisor…	x_refsource_CONFIRM
	https://github.com/gradle/gradle/commit/3b406191e…	x_refsource_MISC
	https://github.com/gradle/gradle/releases/tag/v7.6.3	x_refsource_MISC
	https://github.com/gradle/gradle/releases/tag/v8.4.0	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2023111…

Impacted products

	Vendor	Product	Version
	gradle	gradle	Affected: >= 7.6.0, < 7.6.3 Affected: < 8.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:07:32.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9"
          },
          {
            "name": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7"
          },
          {
            "name": "https://github.com/gradle/gradle/releases/tag/v7.6.3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gradle/gradle/releases/tag/v7.6.3"
          },
          {
            "name": "https://github.com/gradle/gradle/releases/tag/v8.4.0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gradle/gradle/releases/tag/v8.4.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231110-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gradle",
          "vendor": "gradle",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.6.0, \u003c 7.6.3"
            },
            {
              "status": "affected",
              "version": "\u003c 8.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-10T18:06:31.367Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9"
        },
        {
          "name": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7"
        },
        {
          "name": "https://github.com/gradle/gradle/releases/tag/v7.6.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gradle/gradle/releases/tag/v7.6.3"
        },
        {
          "name": "https://github.com/gradle/gradle/releases/tag/v8.4.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gradle/gradle/releases/tag/v8.4.0"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231110-0006/"
        }
      ],
      "source": {
        "advisory": "GHSA-43r3-pqhv-f7h9",
        "discovery": "UNKNOWN"
      },
      "title": "Gradle has incorrect permission assignment for symlinked files used in copy or archiving operations"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-44387",
    "datePublished": "2023-10-05T17:51:15.407Z",
    "dateReserved": "2023-09-28T17:56:32.613Z",
    "dateUpdated": "2025-02-13T17:13:40.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-31582 (GCVE-0-2023-31582)

Vulnerability from cvelistv5 – Published: 2023-10-24 00:00 – Updated: 2024-09-11 18:37

Summary

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bitbucket.org/b_c/jose4j/issues/203/insec…
	https://github.com/KANIXB/JWTIssues/blob/main/jos…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:53:30.902Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31582",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T18:37:16.085483Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T18:37:34.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T22:30:18.964347",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then"
        },
        {
          "url": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-31582",
    "datePublished": "2023-10-24T00:00:00",
    "dateReserved": "2023-04-29T00:00:00",
    "dateUpdated": "2024-09-11T18:37:34.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-40167 (GCVE-0-2023-40167)

Vulnerability from cvelistv5 – Published: 2023-09-15 19:37 – Updated: 2025-02-13 17:03

Title

Jetty accepts "+" prefixed value in Content-Length

Summary

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-130 - Improper Handling of Length Parameter Inconsistency

Assigner

GitHub_M

References

URL

Tags

	https://github.com/eclipse/jetty.project/security…	x_refsource_CONFIRM
	https://www.rfc-editor.org/rfc/rfc9110#section-8.6	x_refsource_MISC
	https://www.debian.org/security/2023/dsa-5507
	https://lists.debian.org/debian-lts-announce/2023…

Impacted products

	Vendor	Product	Version
	eclipse	jetty.project	Affected: >= 9.0.0, <= 9.4.51 Affected: >= 10.0.0, <= 10.0.15 Affected: >= 11.0.0, <= 11.0.15 Affected: = 12.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:55.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
          },
          {
            "name": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5507"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40167",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T18:49:57.977850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T18:50:08.203Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jetty.project",
          "vendor": "eclipse",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0, \u003c= 9.4.51"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c= 10.0.15"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c= 11.0.15"
            },
            {
              "status": "affected",
              "version": "= 12.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field.  This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses.  There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-130",
              "description": "CWE-130: Improper Handling of Length Parameter Inconsistency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-30T14:06:19.236Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
        },
        {
          "name": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5507"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html"
        }
      ],
      "source": {
        "advisory": "GHSA-hmr7-m48g-48f6",
        "discovery": "UNKNOWN"
      },
      "title": "Jetty accepts \"+\" prefixed value in Content-Length"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-40167",
    "datePublished": "2023-09-15T19:37:37.530Z",
    "dateReserved": "2023-08-09T15:26:41.051Z",
    "dateUpdated": "2025-02-13T17:03:25.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-41080 (GCVE-0-2023-41080)

Vulnerability from cvelistv5 – Published: 2023-08-25 20:39 – Updated: 2025-10-29 12:04

Title

Apache Tomcat: Open redirect with FORM authentication

Summary

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the ROOT (default) web application.

Severity ?

No CVSS data available.

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/71wvwprtx2j2m54fo…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.0-M10 (semver) Affected: 10.1.0-M1 , ≤ 10.0.12 (semver) Affected: 9.0.0-M1 , ≤ 9.0.79 (semver) Affected: 8.5.0 , ≤ 8.5.92 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver)

Credits

This vulnerability was reported responsibly to the Tomcat security team by Yiheng Cao.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:11.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230921-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5522"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5521"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41080",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T18:42:58.974327Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:43:12.433Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.0-M10",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.12",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.79",
              "status": "affected",
              "version": "9.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.92",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.5.0",
              "status": "unknown",
              "version": "3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "unknown",
              "version": "10.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability was reported responsibly to the Tomcat security team by Yiheng Cao."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\u003cbr\u003eOlder, EOL versions may\u0026nbsp;also be affected.\u003cbr\u003e\u003c/p\u003eThe vulnerability is limited to the ROOT (default) web application."
            }
          ],
          "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may\u00a0also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T12:04:40.271Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: Open redirect with FORM authentication",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-41080",
    "datePublished": "2023-08-25T20:39:36.584Z",
    "dateReserved": "2023-08-22T18:21:35.140Z",
    "dateUpdated": "2025-10-29T12:04:40.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-42445 (GCVE-0-2023-42445)

Vulnerability from cvelistv5 – Published: 2023-10-06 13:52 – Updated: 2025-06-16 17:08

Title

Possible local file exfiltration by XML External entity injection

Summary

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

GitHub_M

References

URL

Tags

	https://github.com/gradle/gradle/security/advisor…	x_refsource_CONFIRM
	https://github.com/gradle/gradle/releases/tag/v7.6.3	x_refsource_MISC
	https://github.com/gradle/gradle/releases/tag/v8.4.0	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2023111…

Impacted products

	Vendor	Product	Version
	gradle	gradle	Affected: < 8.4 Affected: < 7.6.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:23:38.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8"
          },
          {
            "name": "https://github.com/gradle/gradle/releases/tag/v7.6.3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gradle/gradle/releases/tag/v7.6.3"
          },
          {
            "name": "https://github.com/gradle/gradle/releases/tag/v8.4.0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gradle/gradle/releases/tag/v8.4.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231110-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42445",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-19T18:40:52.777135Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-16T17:08:05.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gradle",
          "vendor": "gradle",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.4"
            },
            {
              "status": "affected",
              "version": "\u003c 7.6.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-10T18:06:29.614Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8"
        },
        {
          "name": "https://github.com/gradle/gradle/releases/tag/v7.6.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gradle/gradle/releases/tag/v7.6.3"
        },
        {
          "name": "https://github.com/gradle/gradle/releases/tag/v8.4.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gradle/gradle/releases/tag/v8.4.0"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231110-0006/"
        }
      ],
      "source": {
        "advisory": "GHSA-mrff-q8qj-xvg8",
        "discovery": "UNKNOWN"
      },
      "title": "Possible local file exfiltration by XML External entity injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-42445",
    "datePublished": "2023-10-06T13:52:02.982Z",
    "dateReserved": "2023-09-08T20:57:45.572Z",
    "dateUpdated": "2025-06-16T17:08:05.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-46751 (GCVE-0-2022-46751)

Vulnerability from cvelistv5 – Published: 2023-08-21 06:55 – Updated: 2025-02-13 16:33

Title

Apache Ivy: XML External Entity vulnerability in Apache Ivy

Summary

Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide".

Severity ?

No CVSS data available.

CWE

CWE-611 - Improper Restriction of XML External Entity Reference
CWE-91 - XML Injection (aka Blind XPath Injection)

Assigner

apache

References

URL

Tags

	https://docs.oracle.com/en/java/javase/13/securit…	mitigation
	https://gitbox.apache.org/repos/asf?p=ant-ivy.git…	patch
	https://lists.apache.org/thread/9gcz4xrsn8c7o9gb3…	release-notes
	https://lists.apache.org/thread/1dj60hg5nr36kjr4p…	vendor-advisory
	http://www.openwall.com/lists/oss-security/2023/09/06/9

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Ivy	Affected: 1.0.0 , ≤ 2.5.1 (semver)

Credits

CC Bomber, Kitri BoB Jenkins Security Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:39:38.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "mitigation",
              "x_transferred"
            ],
            "url": "https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-94ABC0EE-9DC8-44F0-84AD-47ADD5340477"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://gitbox.apache.org/repos/asf?p=ant-ivy.git;a=commit;h=2be17bc18b0e1d4123007d579e43ba1a4b6fab3d"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/9gcz4xrsn8c7o9gb377xfzvkb8jltffr"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:ivy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ivy",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "2.5.1",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-46751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T20:07:17.726856Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T20:27:38.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Ivy",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.5.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "CC Bomber, Kitri BoB"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jenkins Security Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.\u003cp\u003eThis issue affects any version of Apache Ivy prior to 2.5.2.\u003c/p\u003e\u003cp\u003eWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\u003c/p\u003e\u003cp\u003eThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\u003c/p\u003e\u003cp\u003eStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle\u0027s \"Java API for XML Processing (JAXP) Security Guide\".\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle\u0027s \"Java API for XML Processing (JAXP) Security Guide\"."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-91",
              "description": "CWE-91 XML Injection (aka Blind XPath Injection)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-06T14:06:11.958Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-94ABC0EE-9DC8-44F0-84AD-47ADD5340477"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://gitbox.apache.org/repos/asf?p=ant-ivy.git;a=commit;h=2be17bc18b0e1d4123007d579e43ba1a4b6fab3d"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://lists.apache.org/thread/9gcz4xrsn8c7o9gb377xfzvkb8jltffr"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-11-30T17:54:00.000Z",
          "value": "reported to the ASF security team"
        },
        {
          "lang": "en",
          "time": "2023-08-20T21:00:00.000Z",
          "value": "made public"
        }
      ],
      "title": "Apache Ivy: XML External Entity vulnerability in Apache Ivy",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-46751",
    "datePublished": "2023-08-21T06:55:00.181Z",
    "dateReserved": "2022-12-07T12:23:31.486Z",
    "dateUpdated": "2025-02-13T16:33:53.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2976 (GCVE-0-2023-2976)

Vulnerability from cvelistv5 – Published: 2023-06-14 17:36 – Updated: 2025-11-03 21:47

Title

Use of temporary directory for file creation in `FileBackedOutputStream` in Guava

Summary

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

Creation of Temporary File With Insecure Permissions

Assigner

Google

References

URL

Tags

	https://github.com/google/guava/issues/2575
	https://security.netapp.com/advisory/ntap-2023081…
	https://www.intel.com/content/www/us/en/security-…

Impacted products

	Vendor	Product	Version
	Google	Guava	Affected: 1.0 , < 32.0.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:47:58.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/google/guava/issues/2575"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230818-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Guava",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "32.0.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUse of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\u003c/p\u003e\u003cp\u003eEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.\u003c/p\u003e"
            }
          ],
          "value": "Use of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-212",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-212 Functionality Misuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Creation of Temporary File With Insecure Permissions",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:05:56.194Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/google/guava/issues/2575"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230818-0008/"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use of temporary directory for file creation in `FileBackedOutputStream` in Guava",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-2976",
    "datePublished": "2023-06-14T17:36:40.640Z",
    "dateReserved": "2023-05-30T13:15:41.560Z",
    "dateUpdated": "2025-11-03T21:47:58.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-44981 (GCVE-0-2023-44981)

Vulnerability from cvelistv5 – Published: 2023-10-11 11:55 – Updated: 2025-04-23 16:15

Title

Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

Summary

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.

Severity ?

No CVSS data available.

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread/wf0yrk84dg1942z1o…	vendor-advisory
	http://www.openwall.com/lists/oss-security/2023/10/11/4
	https://lists.debian.org/debian-lts-announce/2023…
	https://www.debian.org/security/2023/dsa-5544
	https://security.netapp.com/advisory/ntap-2024062…

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache ZooKeeper	Affected: 3.9.0 , < 3.9.1 (maven) Affected: 3.8.0 , ≤ 3.8.2 (maven) Affected: 3.7.0 , ≤ 3.7.1 (maven) Affected: 0 , < 3.7.0 (maven)

Credits

Damien Diederen <ddiederen@apache.org>

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:07:33.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/11/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5544"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-44981",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:27:01.720908Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:15:15.138Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.zookeeper:zookeeper",
          "product": "Apache ZooKeeper",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.1",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "3.8.2",
              "status": "affected",
              "version": "3.8.0",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "3.7.1",
              "status": "affected",
              "version": "3.7.0",
              "versionType": "maven"
            },
            {
              "lessThan": "3.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Damien Diederen \u003cddiederen@apache.org\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (\u003ccode\u003equorum.auth.enableSasl=\u003c/code\u003e\u003ccode\u003etrue)\u003c/code\u003e, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it\u0027s missing, like \u0027eve@EXAMPLE.COM\u0027, the authorization check will be skipped.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAs a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eQuorum Peer authentication is not enabled by default.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUsers are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAlternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee the documentation for more details on correct cluster administration.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it\u0027s missing, like \u0027eve@EXAMPLE.COM\u0027, the authorization check will be skipped.\u00a0As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.\u00a0Quorum Peer authentication is not enabled by default.\n\nUsers are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.\n\nAlternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.\n\nSee the documentation for more details on correct cluster administration."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "critical"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:08:15.553Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/11/4"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5544"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-44981",
    "datePublished": "2023-10-11T11:55:47.925Z",
    "dateReserved": "2023-10-02T08:44:58.183Z",
    "dateUpdated": "2025-04-23T16:15:15.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5072 (GCVE-0-2023-5072)

Vulnerability from cvelistv5 – Published: 2023-10-12 16:13 – Updated: 2025-02-13 17:19

Title

DoS Vulnerability in JSON-Java

Summary

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

Google

References

URL

Tags

	https://github.com/stleary/JSON-java/issues/758
	https://github.com/stleary/JSON-java/issues/771
	http://www.openwall.com/lists/oss-security/2023/12/13/4
	https://security.netapp.com/advisory/ntap-2024062…

Impacted products

	Vendor	Product	Version
	https://github.com/stleary/JSON-java	n/a	Affected: 0 , ≤ 20230618 (date)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/stleary/JSON-java/issues/758"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/stleary/JSON-java/issues/771"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5072",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T16:23:55.801589Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:24:03.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "n/a",
          "vendor": "https://github.com/stleary/JSON-java",
          "versions": [
            {
              "lessThanOrEqual": "20230618",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial of Service  in \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJSON-Java versions up to and including 20230618. \u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Denial of Service  in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-197",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-197 Exponential Data Expansion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:08:23.050Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/stleary/JSON-java/issues/758"
        },
        {
          "url": "https://github.com/stleary/JSON-java/issues/771"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DoS Vulnerability in JSON-Java",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-5072",
    "datePublished": "2023-10-12T16:13:27.974Z",
    "dateReserved": "2023-09-19T18:29:03.608Z",
    "dateUpdated": "2025-02-13T17:19:28.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-3070

CVE-2023-33201 (GCVE-0-2023-33201)

CVE-2023-20873 (GCVE-0-2023-20873)

CVE-2023-44387 (GCVE-0-2023-44387)

CVE-2023-31582 (GCVE-0-2023-31582)

CVE-2023-40167 (GCVE-0-2023-40167)

CVE-2023-41080 (GCVE-0-2023-41080)

CVE-2023-42445 (GCVE-0-2023-42445)

CVE-2022-46751 (GCVE-0-2022-46751)

CVE-2023-2976 (GCVE-0-2023-2976)

CVE-2023-44981 (GCVE-0-2023-44981)

CVE-2023-5072 (GCVE-0-2023-5072)

Tags

Sightings

Nomenclature