CVE-2023-0833 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-0833

CVE-2023-0833

September 27, 2023

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

Related Resources (5)

https://access.redhat.com/errata/RHSA-2023:1241

https://access.redhat.com/errata/RHSA-2023:3223

https://github.com/square/okhttp/issues/6738

https://access.redhat.com/security/cve/CVE-2023-0833

https://bugzilla.redhat.com/show_bug.cgi?id=2169845

Do you need more information?

CVSS v4

Base Score:

5.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Generation of Error Message Containing Sensitive Information

CWE-209

EPSS

Base Score:

0.04

Products

Solutions

Resources

Company

Compare

Developer Tools