CVE-2023-0833

Опубликовано: 27 сент. 2023

Источник: nvd

CVSS3: 4.7

CVSS3: 5.5

EPSS Низкий

Описание

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

Ссылки

https://access.redhat.com/errata/RHSA-2023:1241
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:3223
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-0833
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2169845
Issue Tracking
Third Party Advisory
https://github.com/square/okhttp/issues/6738
Exploit
Issue Tracking
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:1241
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:3223
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-0833
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2169845
Issue Tracking
Third Party Advisory
https://github.com/square/okhttp/issues/6738
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*

Версия до 4.9.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*

Версия до 2.2.1 (исключая)

cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*

Версия от 2.3.0 (включая) до 2.4.0 (исключая)

EPSS

Процентиль: 10%

0.00036

Низкий

4.7 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-209

Связанные уязвимости

CVE-2023-0833

CVSS3: 4.7

redhat

почти 3 года назад

GHSA-8fhc-q55v-jvx2

CVSS3: 4.7

github

больше 2 лет назад

EPSS

Процентиль: 10%

0.00036

Низкий

4.7 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-209