CVE-2023-34442

CWE-200 — Information Exposure6 documents6 sources

Severity

3.3LOW

EPSS

0.0%

top 86.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Camel Apache Software Foundation Apache Camel Jira

Timeline

PublishedJul 10

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5apache_software_foundation/apache_camel_jira3.x — <=3.14.8+3

▶NVDapache/camel3.0.0 — 3.14.9+3

▶Mavenorg.apache.camel:camel-jira3.0.0-M3 — 3.14.9+3

🔴Vulnerability Details

CVEList

Apache Camel JIRA: Temporary file information disclosure in Camel-Jira↗2023-07-10

▶

OSV

Apache Camel information exposure vulnerability↗2023-07-10

▶

GHSA

Apache Camel information exposure vulnerability↗2023-07-10

▶

📋Vendor Advisories

Red Hat

camel-jira: Temporary file information disclosure in Camel-Jira↗2023-07-07

▶

Apache

Apache camel: CVE-2023-34442↗

▶