Vaadin vulnerable to possible information disclosure of class and method names in RPC response

🗓️ 22 Jun 2023 20:01:03Reported by GitHub Advisory DatabaseType

Possible information disclosure in Vaadin 10.0.0 to 24.1.0.rc

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2023-25500	28 Jan 202400:20	–	circl
CNNVD	Vaadin 信息泄露漏洞	22 Jun 202300:00	–	cnnvd
CVE	CVE-2023-25500	22 Jun 202312:49	–	cve
Cvelist	CVE-2023-25500	22 Jun 202312:49	–	cvelist
EUVD	EUVD-2023-1775	3 Oct 202520:07	–	euvd
NVD	CVE-2023-25500	22 Jun 202313:15	–	nvd
OSV	CVE-2023-25500	22 Jun 202313:15	–	osv
OSV	GHSA-CH48-9R3Q-PV7X Vaadin vulnerable to possible information disclosure of class and method names in RPC response	22 Jun 202320:01	–	osv
Prion	Information disclosure	22 Jun 202313:15	–	prion
Vaadin	Possible information disclosure of class and method names in RPC response	22 Jun 202300:00	–	vaadin

Vulners

Node

com.vaadin vaadinRange24.1.0.alpha1–24.1.0maven

com.vaadin vaadinRange24.0.0–24.0.7maven

com.vaadin vaadinRange23.0.0–23.3.14maven

com.vaadin vaadinRange15.0.0–22.1.0maven

com.vaadin vaadinRange11.0.0–14.10.2maven

com.vaadin vaadinRange10.0.0–10.0.24maven

com.vaadin flow-serverRange24.1.alpha1–24.1.0maven

com.vaadin flow-serverRange24.0.0–24.0.9maven

com.vaadin flow-serverRange23.0.0–23.3.13maven

com.vaadin flow-serverRange3.0.0–9.1.2maven

com.vaadin flow-serverRange1.1.0–2.9.3maven

com.vaadin flow-serverRange1.0.0–1.0.21maven

Source	Link
github	www.github.com/vaadin/platform/security/advisories/GHSA-ch48-9r3q-pv7x
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-25500
github	www.github.com/vaadin/flow/pull/16935
vaadin	www.vaadin.com/security/cve-2023-25500
github	www.github.com/advisories/GHSA-ch48-9r3q-pv7x

11 Nov 2023 05:05Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.13.5 - 4.3

EPSS0.00305

SSVC