CVE-2023-0833

2023-09-2715:16:03

Google

osv.dev

red hat

amq-streams

okhttp

information disclosure

authenticated attacker

permissions

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

A flaw was found in Red Hat’s AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

CPENameOperatorVersion
okhttpeqparent-4.0.0
okhttpeqparent-2.0.0
okhttpeqparent-3.13.1
okhttpeqparent-3.4.0-RC1
okhttpeqparent-2.4.0-RC1
okhttpeqparent-3.6.0
okhttpeqparent-1.1.1
okhttpeqparent-4.1.0
okhttpeqparent-3.0.0
okhttpeqparent-4.0.0-ALPHA01

Name	Operator	Version
okhttp	eq	parent-4.0.0
okhttp	eq	parent-2.0.0
okhttp	eq	parent-3.13.1
okhttp	eq	parent-3.4.0-RC1
okhttp	eq	parent-2.4.0-RC1
okhttp	eq	parent-3.6.0
okhttp	eq	parent-1.1.1
okhttp	eq	parent-4.1.0
okhttp	eq	parent-3.0.0
okhttp	eq	parent-4.0.0-ALPHA01