Lucene search

Veracode Vulnerability DatabaseVERACODE:41081

HistoryJun 29, 2023 - 12:56 p.m.

Information Exposure

2023-06-2912:56:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vaadin

vulnerability

information exposure

server side

sensitive information

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

35.2%

JSON

vaadin is vulnerable to Information Exposure. The vulnerability exists due to a lack of validation for non-visible components in the UI on the server side, which allows an attacker to access sensitive information.

References

github.com/vaadin/flow/commit/1196c05b6d13cd35afa19fae4a1c70a6e53a1eac

github.com/vaadin/flow/commit/4a86ff547b8c3f629458e4e447c0947f7d38495f

github.com/vaadin/flow/commit/d6eb9320416dcee1cfb06d6d7b76e32714ee1952

github.com/vaadin/flow/commit/dab9d329c76e85c0127e11d18c4ce4bfec7614e9

github.com/vaadin/flow/commit/dde3e497363e30816945634fa0c2647a180dd34f

github.com/vaadin/flow/commit/dfe98066ed49ff62b696d808550d772fd107c64b

github.com/vaadin/flow/commit/eab4f09bf64db9cdc8277464560af3c4c8e188b1

github.com/vaadin/flow/pull/15885

vaadin.com/security/CVE-2023-25499

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

35.2%

JSON

Related for VERACODE:41081