Veracode Vulnerability DatabaseVERACODE:41081Information Exposure
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
35.2%
vaadin is vulnerable to Information Exposure. The vulnerability exists due to a lack of validation for non-visible components in the UI on the server side, which allows an attacker to access sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flow server | le | 9.1.0 | |
| flow server | le | 24.0.7 | |
| flow server | le | 23.3.10 | |
| flow server | le | 2.8.9 | |
| flow server | le | 1.0.19 | |
| flow server | le | 9.1.0 | |
| flow server | le | 24.0.7 | |
| flow server | le | 23.3.10 | |
| flow server | le | 2.8.9 | |
| flow server | le | 1.0.19 |
References
github.com/vaadin/flow/commit/1196c05b6d13cd35afa19fae4a1c70a6e53a1eac
github.com/vaadin/flow/commit/4a86ff547b8c3f629458e4e447c0947f7d38495f
github.com/vaadin/flow/commit/d6eb9320416dcee1cfb06d6d7b76e32714ee1952
github.com/vaadin/flow/commit/dab9d329c76e85c0127e11d18c4ce4bfec7614e9
github.com/vaadin/flow/commit/dde3e497363e30816945634fa0c2647a180dd34f
github.com/vaadin/flow/commit/dfe98066ed49ff62b696d808550d772fd107c64b
github.com/vaadin/flow/commit/eab4f09bf64db9cdc8277464560af3c4c8e188b1
github.com/vaadin/flow/pull/15885
vaadin.com/security/CVE-2023-25499
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
35.2%