CVE-2023-0833: Information Exposure via Error Message in Redhat A-mq Streams

Severity
5.5 MEDIUM (NVD)
CNA: 4.7
EPSS
0.0%
top 88.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 27
Latest update: Apr 15

Description

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: squareup/okhttp < 4.9.2
NVD: redhat/a-mq_streams 2.3.0, 2.4.0 +1

🔴 Vulnerability Details (2)

GHSA
GHSA-8fhc-q55v-jvx2: A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggere (2023-09-27)
CVEList
Red hat a-mq streams: component version with information disclosure flaw (2023-09-27)

📋 Vendor Advisories (2)

Oracle
Oracle Oracle Communications Applications Risk Matrix: Patch (OkHttp) — CVE-2023-0833 (2024-04-15)
Red Hat
Streams: component version with information disclosure flaw (2023-02-14)