CVE-2024-22371: Insecure Storage of Sensitive Information in Apache Camel

Severity
NVD: 7.5 HIGH
CNA: 2.9
EPSS: 0.9% (top 25.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 26

Description

Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Source    | Package                                  | Version range
NVD       | apache/camel                             | 3.0.0 to 3.21.4 (+3 more)
CVEListV5 | apache_software_foundation/apache_camel  | 3.21.x to 3.21.3 (+3 more)

Vulnerability Details (3)

OSV: Apache Camel data exposure vulnerability (2024-02-26)
CVEList: Apache Camel issue on ExchangeCreatedEvent (2024-02-26)
GHSA: Apache Camel data exposure vulnerability (2024-02-26)

Vendor Advisories (2)

Red Hat: camel-core: Exposure of sensitive data by crafting a malicious EventFactory (2024-02-23)
Apache: Apache camel: CVE-2024-22371
CVE-2024-22371 — Apache Camel vulnerability | cvebase