Vaadin vulnerable to possible information disclosure in non visible components.

🗓️ 22 Jun 2023 20:01:11Reported by GitHub Advisory DatabaseType

Vaadin non-visible components vulnerability in versions 10.0.0-24.1.0.beta1

Reporter	Title	Published	Views	Family All 15
CNNVD	Vaadin 信息泄露漏洞	22 Jun 202300:00	–	cnnvd
CVE	CVE-2023-25499	22 Jun 202312:47	–	cve
Cvelist	CVE-2023-25499 Possible information disclosure in non visible components	22 Jun 202312:47	–	cvelist
EUVD	EUVD-2023-1700	3 Oct 202520:07	–	euvd
NVD	CVE-2023-25499	22 Jun 202313:15	–	nvd
OSV	CVE-2023-25499	22 Jun 202313:15	–	osv
OSV	GHSA-5F9V-MV5G-JH5Q Vaadin vulnerable to possible information disclosure in non visible components.	22 Jun 202320:01	–	osv
Prion	Information disclosure	22 Jun 202313:15	–	prion
Positive Technologies	PT-2023-20114 · Vaadin · Vaadin	22 Jun 202300:00	–	ptsecurity
Vaadin	Possible information disclosure in non visible components	22 Jun 202300:00	–	vaadin

Vulners

Node

com.vaadin flow-serverRange24.1.0.alpha1–24.1.0maven

com.vaadin flow-serverRange24.0.0–24.0.8maven

com.vaadin flow-serverRange23.0.0–23.3.11maven

com.vaadin flow-serverRange3.0.0–9.1.1maven

com.vaadin flow-serverRange1.1.0–2.8.10maven

com.vaadin flow-serverRange1.0.0–1.0.20maven

com.vaadin vaadinRange24.1.0.alpha1–24.1.0maven

com.vaadin vaadinRange24.0.0–24.0.6maven

com.vaadin vaadinRange23.0.0–23.3.13maven

com.vaadin vaadinRange11.0.0–14.10.1maven

com.vaadin vaadinRange10.0.0–10.0.23maven

Source	Link
github	www.github.com/vaadin/platform/security/advisories/GHSA-5f9v-mv5g-jh5q
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-25499
github	www.github.com/vaadin/flow/pull/15885
vaadin	www.vaadin.com/security/CVE-2023-25499
github	www.github.com/advisories/GHSA-5f9v-mv5g-jh5q

11 Nov 2023 05:06Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.15.7 - 6.5

EPSS0.00243

SSVC