Data Exposure Vulnerability in RESTEasy Client by Red Hat
CVE-2020-25633

5.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Resteasy-client
Vendor: CVE Published:; 18 September 2020

Summary

A vulnerability in the RESTEasy client allows users to unintentionally access potentially sensitive information from the server when a WebApplicationException is generated during a RESTEasy client call. This flaw could lead to unauthorized disclosure of the server's data, posing a significant risk to data confidentiality.

Affected Version(s)

resteasy-client through 4.5.6

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2020
Vulnerability Reserved
Sep 16, 2020