Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-25633

Опубликовано: 04 сент. 2020
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. This flaw allows client users to obtain the server's potentially sensitive information when the server receives the WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to confidentiality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
A-MQ Clients 2resteasy-clientNot affected
Red Hat build of Quarkusresteasy-clientAffected
Red Hat CodeReady Studio 12resteasy-clientNot affected
Red Hat Data Grid 8resteasy-clientNot affected
Red Hat Decision Manager 7resteasy-clientNot affected
Red Hat Enterprise Linux 7resteasy-baseWill not fix
Red Hat Enterprise Linux 8pki-deps:10.6/resteasyWill not fix
Red Hat Integration Service Registryresteasy-clientFix deferred
Red Hat JBoss Data Grid 7resteasy-clientOut of support scope
Red Hat JBoss Enterprise Application Platform Continuous Deliveryresteasy-clientOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-209
https://bugzilla.redhat.com/show_bug.cgi?id=1879042resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling

EPSS

Процентиль: 46%
0.00234
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-25633

CVSS3: 5.3
ubuntu
почти 5 лет назад

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

nvd логотип

CVE-2020-25633

CVSS3: 5.3
nvd
почти 5 лет назад

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

debian логотип

CVE-2020-25633

CVSS3: 5.3
debian
почти 5 лет назад

A flaw was found in RESTEasy client in all versions of RESTEasy up to ...

github логотип

GHSA-hr32-mgpm-qf2f

CVSS3: 5.3
github
около 4 лет назад

Generation of Error Message Containing Sensitive Information in RESTEasy client

redos логотип

ROS-20250807-05

CVSS3: 7.5
redos
7 дней назад

Множественные уязвимости resteasy

EPSS

Процентиль: 46%
0.00234
Низкий

5.3 Medium

CVSS3