CVE-2023-0833

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
squareupokhttp
𝑥
< 4.9.2
redhata-mq_streams
𝑥
< 2.2.1
redhata-mq_streams
2.3.0 ≤
𝑥
< 2.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:1241
https://access.redhat.com/errata/RHSA-2023:3223
https://access.redhat.com/security/cve/CVE-2023-0833
https://bugzilla.redhat.com/show_bug.cgi?id=2169845
https://github.com/square/okhttp/issues/6738
https://access.redhat.com/errata/RHSA-2023:1241
https://access.redhat.com/errata/RHSA-2023:3223
https://access.redhat.com/security/cve/CVE-2023-0833
https://bugzilla.redhat.com/show_bug.cgi?id=2169845
https://github.com/square/okhttp/issues/6738