2024-05-25 21:48:12 +02:00
### [CVE-2023-25500](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25500)
![](https://img.shields.io/static/v1?label=Product&message=flow-server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=vaadin&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%3D%201.0.20%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%3D%2010.0.23%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
### Description
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/muneebaashiq/MBProjects