CVE-2025-29868

EPSS 2.08%
Veröffentlicht 01.04.2025 08:15:14
Zuletzt bearbeitet 15.04.2025 13:07:54
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Answer: Using externally referenced images can leak user privacy.

Private Data Structure Returned From A Public Method vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.2.

If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of that accessing user.
Users are recommended to upgrade to version 1.4.5, which fixes the issue. In the new version, administrators can set whether external content can be displayed.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Answer Version <= 1.4.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.08%	0.841

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-495 Private Data Structure Returned From A Public Method

The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.

https://lists.apache.org/thread/l7pohw5g03g3qsvrz8pqc9t29mdv5lhf

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/01/2

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/02/1

Mailing List

http://www.openwall.com/lists/oss-security/2025/04/10/3

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-29868

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-29868

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-29868

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-29868