CVE-2023-1419

EPSS 0.19%
Published 17.11.2024 11:15:05
Last modified 18.11.2024 17:11:17
Source secalert@redhat.com
Teams watchlist Login
Open Login

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorRed Hat

≫

Product Red Hat build of Debezium

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat Integration Change Data Capture

Default Statusunknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.416

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-233 Improper Handling of Parameters

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

https://access.redhat.com/security/cve/CVE-2023-1419

https://bugzilla.redhat.com/show_bug.cgi?id=2178722

https://nvd.nist.gov/vuln/detail/CVE-2023-1419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1419

EUVD