Vulnerabilites related to squareup - okhttp
Vulnerability from fkie_nvd
Published
2023-09-27 15:16
Modified
2024-11-21 07:37
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squareup | okhttp | * | |
| redhat | a-mq_streams | * | |
| redhat | a-mq_streams | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*", matchCriteriaId: "BEEBF288-A5A0-49DE-9291-249B9C805B35", versionEndExcluding: "4.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*", matchCriteriaId: "29CDE024-A350-47DA-B96E-BA06F88551C3", versionEndExcluding: "2.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*", matchCriteriaId: "FD874C55-C1CA-48D2-AF4F-3F30C17EC05A", versionEndExcluding: "2.4.0", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.", }, { lang: "es", value: "Se encontró una falla en AMQ-Streams de Red Hat, que incluye una versión del componente OKHttp con una falla de divulgación de información a través de una excepción activada por un encabezado que contiene un valor ilegal. Este problema podría permitir que un atacante autenticado acceda a información fuera de sus permisos habituales.", }, ], id: "CVE-2023-0833", lastModified: "2024-11-21T07:37:55.277", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-27T15:16:03.257", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:1241", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:3223", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-0833", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169845", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/square/okhttp/issues/6738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:1241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:3223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-0833", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169845", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/square/okhttp/issues/6738", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-209", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-18 19:29
Modified
2024-11-21 04:01
Severity ?
Summary
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*", matchCriteriaId: "F6889A8C-87B7-49BE-B316-62267FEF895E", versionEndIncluding: "3.12.0", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967", }, { lang: "es", value: "** EN DISPUTA ** CertificatePinner.java en OkHttp desde la versión 3.x hasta la 3.12.0 permite un ataque man-in-the-middle para eludir la fijación de certificados cambiando SSLContext y los valores booleanos mientras enganchan la aplicación. NOTA: Esta identificación es cuestionada porque algunas partes no consideran que sea una vulnerabilidad. Su razón de ser se puede encontrar en https://github.com/square/okhttp/issues/4967.", }, ], id: "CVE-2018-20200", lastModified: "2024-11-21T04:01:05.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-18T19:29:01.347", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://cxsecurity.com/issue/WLB-2018120252", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/square/okhttp/commits/master", }, { source: "cve@mitre.org", url: "https://github.com/square/okhttp/issues/4967", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/square/okhttp/releases", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r71100f23778d72fbd8be8baa6baffc159b9c4f3fae3db4826bdc8ab8%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r78bfce980843be61a55615a7680bbf7ac751a9b3515231eab2d32068%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rc436d58531754ac8fe20340044566518ea4dce66aeff9193356a225d%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/recce57e195fbdd856dcf1933c136a8a66d7b02e05e3580f44d75a640%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rfd1eed12ba2a5dff37229edd60fc84a25517815d848994146a15af91%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://square.github.io/okhttp/3.x/okhttp/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://cxsecurity.com/issue/WLB-2018120252", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/square/okhttp/commits/master", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/square/okhttp/issues/4967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://github.com/square/okhttp/releases", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r71100f23778d72fbd8be8baa6baffc159b9c4f3fae3db4826bdc8ab8%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r78bfce980843be61a55615a7680bbf7ac751a9b3515231eab2d32068%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc436d58531754ac8fe20340044566518ea4dce66aeff9193356a225d%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/recce57e195fbdd856dcf1933c136a8a66d7b02e05e3580f44d75a640%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfd1eed12ba2a5dff37229edd60fc84a25517815d848994146a15af91%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://square.github.io/okhttp/3.x/okhttp/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-30 22:59
Modified
2024-11-21 02:48
Severity ?
Summary
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*", matchCriteriaId: "770E740C-33B8-4A51-B55F-B240F33960BD", versionEndIncluding: "2.7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:squareup:okhttp3:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AD815F-E998-4C8D-B64C-B5C6E0750D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:squareup:okhttp3:3.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "D6367344-FB92-46BE-B460-423573309C88", vulnerable: true, }, { criteria: "cpe:2.3:a:squareup:okhttp3:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "37FD7BC3-0E9A-4BFE-9058-8C55A495EF2C", vulnerable: true, }, { criteria: "cpe:2.3:a:squareup:okhttp3:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "FA32D418-4F2A-4CE8-9AE0-5168B7DDF7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squareup:okhttp3:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AA482A17-1951-4725-90C5-CCD39CD4A220", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.", }, { lang: "es", value: "OkHttp antes de 2.7.4 y 3.x antes de 3.1.2 permite que los atacantes man-in-the-middle eludan la fijación de certificados enviando una cadena de certificados con un CA no fijado confiable y el certificado fijado.", }, ], id: "CVE-2016-2402", lastModified: "2024-11-21T02:48:23.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-30T22:59:00.390", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/02/10/8", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/02/18/7", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://koz.io/pinning-cve-2016-2402/", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/02/10/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/02/18/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://koz.io/pinning-cve-2016-2402/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2018-20200
Vulnerability from cvelistv5
Published
2019-04-18 18:31
Modified
2024-08-05 11:58
Severity ?
EPSS score ?
Summary
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:58:19.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://square.github.io/okhttp/3.x/okhttp/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/square/okhttp/releases", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/square/okhttp/commits/master", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cxsecurity.com/issue/WLB-2018120252", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/square/okhttp/issues/4967", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[flink-user] 20201022 Dependency vulnerabilities with flink 1.11.1 version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-issues] 20201023 [jira] [Assigned] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r71100f23778d72fbd8be8baa6baffc159b9c4f3fae3db4826bdc8ab8%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201023 [jira] [Commented] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc436d58531754ac8fe20340044566518ea4dce66aeff9193356a225d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201023 [jira] [Updated] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/recce57e195fbdd856dcf1933c136a8a66d7b02e05e3580f44d75a640%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201026 [jira] [Closed] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfd1eed12ba2a5dff37229edd60fc84a25517815d848994146a15af91%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201026 [jira] [Commented] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r78bfce980843be61a55615a7680bbf7ac751a9b3515231eab2d32068%40%3Cissues.flink.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-12-31T00:00:00", descriptions: [ { lang: "en", value: "CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-16T05:06:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://square.github.io/okhttp/3.x/okhttp/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/square/okhttp/releases", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/square/okhttp/commits/master", }, { tags: [ "x_refsource_MISC", ], url: "https://cxsecurity.com/issue/WLB-2018120252", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/square/okhttp/issues/4967", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[flink-user] 20201022 Dependency vulnerabilities with flink 1.11.1 version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-issues] 20201023 [jira] [Assigned] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r71100f23778d72fbd8be8baa6baffc159b9c4f3fae3db4826bdc8ab8%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201023 [jira] [Commented] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc436d58531754ac8fe20340044566518ea4dce66aeff9193356a225d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201023 [jira] [Updated] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/recce57e195fbdd856dcf1933c136a8a66d7b02e05e3580f44d75a640%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201026 [jira] [Closed] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfd1eed12ba2a5dff37229edd60fc84a25517815d848994146a15af91%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201026 [jira] [Commented] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r78bfce980843be61a55615a7680bbf7ac751a9b3515231eab2d32068%40%3Cissues.flink.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20200", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://square.github.io/okhttp/3.x/okhttp/", refsource: "MISC", url: "https://square.github.io/okhttp/3.x/okhttp/", }, { name: "https://github.com/square/okhttp/releases", refsource: "MISC", url: "https://github.com/square/okhttp/releases", }, { name: "https://github.com/square/okhttp/commits/master", refsource: "MISC", url: "https://github.com/square/okhttp/commits/master", }, { name: "https://cxsecurity.com/issue/WLB-2018120252", refsource: "MISC", url: "https://cxsecurity.com/issue/WLB-2018120252", }, { name: "https://github.com/square/okhttp/issues/4967", refsource: "MISC", url: "https://github.com/square/okhttp/issues/4967", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "[flink-user] 20201022 Dependency vulnerabilities with flink 1.11.1 version", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0dd7ff197b2e3bdd80a0326587ca3d0c22e10d1dba17c769d6da7d7a@%3Cuser.flink.apache.org%3E", }, { name: "[flink-issues] 20201023 [jira] [Assigned] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r71100f23778d72fbd8be8baa6baffc159b9c4f3fae3db4826bdc8ab8@%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201023 [jira] [Commented] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc436d58531754ac8fe20340044566518ea4dce66aeff9193356a225d@%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201023 [jira] [Updated] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", refsource: "MLIST", url: "https://lists.apache.org/thread.html/recce57e195fbdd856dcf1933c136a8a66d7b02e05e3580f44d75a640@%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201026 [jira] [Closed] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfd1eed12ba2a5dff37229edd60fc84a25517815d848994146a15af91@%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20201026 [jira] [Commented] (FLINK-19784) Upgrade okhttp to 3.13.0 or newer due to CVE-2018-20200", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r78bfce980843be61a55615a7680bbf7ac751a9b3515231eab2d32068@%3Cissues.flink.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20200", datePublished: "2019-04-18T18:31:52", dateReserved: "2018-12-18T00:00:00", dateUpdated: "2024-08-05T11:58:19.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2402
Vulnerability from cvelistv5
Published
2017-01-30 22:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| https://koz.io/pinning-cve-2016-2402/ | x_refsource_MISC | |
| https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/02/10/8 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/02/18/7 | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:24:49.347Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://koz.io/pinning-cve-2016-2402/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/", }, { name: "[oss-security] 20160210 CVE request - OkHttp Certificate Pining Bypass", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/02/10/8", }, { name: "[oss-security] 20160217 Re: CVE request - OkHttp Certificate Pining Bypass", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/02/18/7", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-10T00:00:00", descriptions: [ { lang: "en", value: "OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-16T05:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://koz.io/pinning-cve-2016-2402/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/", }, { name: "[oss-security] 20160210 CVE request - OkHttp Certificate Pining Bypass", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/02/10/8", }, { name: "[oss-security] 20160217 Re: CVE request - OkHttp Certificate Pining Bypass", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/02/18/7", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2402", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://koz.io/pinning-cve-2016-2402/", refsource: "MISC", url: "https://koz.io/pinning-cve-2016-2402/", }, { name: "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/", refsource: "CONFIRM", url: "https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/", }, { name: "[oss-security] 20160210 CVE request - OkHttp Certificate Pining Bypass", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/02/10/8", }, { name: "[oss-security] 20160217 Re: CVE request - OkHttp Certificate Pining Bypass", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/02/18/7", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2402", datePublished: "2017-01-30T22:00:00", dateReserved: "2016-02-17T00:00:00", dateUpdated: "2024-08-05T23:24:49.347Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-0833
Vulnerability from cvelistv5
Published
2023-09-27 13:41
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:1241 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:3223 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-0833 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2169845 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/square/okhttp/issues/6738 |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ||||||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:24:34.652Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:1241", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:1241", }, { name: "RHSA-2023:3223", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:3223", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-0833", }, { name: "RHBZ#2169845", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169845", }, { tags: [ "x_transferred", ], url: "https://github.com/square/okhttp/issues/6738", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/square/okhttp", packageName: "okhttp", versions: [ { status: "unaffected", version: "4.9.2", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:amq_streams:2", ], defaultStatus: "unaffected", packageName: "okhttp", product: "Red Hat AMQ Streams 2.2.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:amq_streams:2", ], defaultStatus: "unaffected", product: "Red Hat AMQ Streams 2.4.0", vendor: "Red Hat", }, ], datePublic: "2023-02-14T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T15:32:31.729Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:1241", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:1241", }, { name: "RHSA-2023:3223", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:3223", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-0833", }, { name: "RHBZ#2169845", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169845", }, { url: "https://github.com/square/okhttp/issues/6738", }, ], timeline: [ { lang: "en", time: "2023-02-14T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-02-14T00:00:00+00:00", value: "Made public.", }, ], title: "Red hat a-mq streams: component version with information disclosure flaw", x_redhatCweChain: "CWE-209: Generation of Error Message Containing Sensitive Information", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-0833", datePublished: "2023-09-27T13:41:12.626Z", dateReserved: "2023-02-14T18:56:25.296Z", dateUpdated: "2024-08-02T05:24:34.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }