Metric | Value |
---|---|
CVSS3 | 6.8 Medium |
Attack Vector | ADJACENT |
Attack Complexity | HIGH |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | LOW |
Availability Impact | LOW |
Vector | CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L |
AI Score | 7.1 High |
Confidence | High |
EPSS | 0.0004 Low |
Percentile | 15.8% |

org.eclipse.edc: data-plane-http-oauth2-core is vulnerable to Sensitive Information Disclosure. The vulnerability arises from a misconfiguration in the OAuth2-protected data sink feature, where the consumer-provided clientSecretKey is resolved in the context of the provider’s vault instead of the consumer’s vault, potentially exposing sensitive secrets to attackers. This feature has been disabled due to incomplete implementation of necessary code paths.

CPE

Name | Operator | Version |
---|---|---|
data-plane-http-oauth2-core | le | 0.6.2 |