Lucene search

Redhat.comRH:CVE-2024-23080

HistoryApr 11, 2024 - 1:21 p.m.

CVE-2024-23080

2024-04-1113:21:26

redhat.com

access.redhat.com

joda time

nullpointerexception

vulnerability

dispute

third parties

evidence

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

15.5%

JSON

Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

References

bugzilla.redhat.com/show_bug.cgi?id=2274516

nvd.nist.gov/vuln/detail/CVE-2024-23080

www.cve.org/CVERecord?id=CVE-2024-23080

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for RH:CVE-2024-23080