3.3

CVE-2023-34442

EPSS 0.04%
Veröffentlicht 10.07.2023 16:15:52
Zuletzt bearbeitet 21.11.2024 08:07:15
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3.

Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Camel Version >= 3.0.0 < 3.14.9

Apache ≫ Camel Version >= 3.18.0 < 3.18.8

Apache ≫ Camel Version >= 3.20.0 < 3.20.6

Apache ≫ Camel Version4.0.0 Updatemilestone1

Apache ≫ Camel Version4.0.0 Updatemilestone2

Apache ≫ Camel Version4.0.0 Updatemilestone3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.127

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.apache.org/thread/x4vy2hhbltb1xrvy1g6m8hpjgj2k7wgh

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-34442

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-34442

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-34442

EUVD