4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
A flaw was found in Red Hat’s AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
[
{
"versions": [
{
"status": "unaffected",
"version": "4.9.2"
}
],
"packageName": "okhttp",
"collectionURL": "https://github.com/square/okhttp"
},
{
"vendor": "Red Hat",
"product": "Red Hat AMQ Streams 2.2.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "okhttp",
"cpes": [
"cpe:/a:redhat:amq_streams:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat AMQ Streams 2.4.0",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:amq_streams:2"
]
}
]
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%