QwikSec

Security Database

CVE

CWE

Training

CVE-2023-0833

Published: Sep 27, 2023

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

4.7

MEDIUM

Description

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

Vendor	Product	Versions
Unknown	okhttp	unaffected `4.9.2`
Red Hat	Red Hat AMQ Streams 2.2.1	All versions
Red Hat	Red Hat AMQ Streams 2.4.0	All versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-0833

vdb-entry

x_refsource_REDHAT

issue-tracking

x_refsource_REDHAT

https://github.com/square/okhttp/issues/6738

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.