Veracode Vulnerability DatabaseVERACODE:41078Information Disclosure
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
29.7%
Vaadin is vulnerable to Information Disclosure. The vulnerability exists due to lack of masking sensitive debug messages which allows an attacker to view information such as class and method names included in RPC responses by sending modified requests.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flow server | le | 2.9.2 | |
| flow server | le | 9.1.1 | |
| flow server | le | 24.0.8 | |
| flow server | le | 23.3.12 | |
| flow server | le | 1.0.20 | |
| flow server | le | 2.9.2 | |
| flow server | le | 9.1.1 | |
| flow server | le | 24.0.8 | |
| flow server | le | 23.3.12 | |
| flow server | le | 1.0.20 |
References
github.com/vaadin/flow/commit/1717a07c56d8cb7887a61e4dc7eae2a4597d4988
github.com/vaadin/flow/commit/1814087ba77cd9946fe12b4d4d5fc136c6f943df
github.com/vaadin/flow/commit/1814087ba77cd9946fe12b4d4d5fc136c6f943df
github.com/vaadin/flow/commit/2b81a152d8e2b956e96fac966b53acbdce9057e7
github.com/vaadin/flow/commit/402388840e575c0b5fbcdde037ebdc7317035d43
github.com/vaadin/flow/commit/4ddc1a901a4c84853b5c7aa025a3cd6545f1f66e
github.com/vaadin/flow/commit/6dbb2da232146cc2be503b75f3cf1325bee11586
github.com/vaadin/flow/pull/16935
vaadin.com/security/CVE-2023-25500
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
29.7%