Sensitive Data Exposure Vulnerability in Apache Camel
CVE-2024-22371
2.9 LOW
Summary
Exposure of sensitive data in Apache Camel by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.
Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
Affected Version(s)
Apache Camel 3.21.x <= 3.21.3
Apache Camel 3.22.x <= 3.22.0
Apache Camel 4.0.x <= 4.0.3
CVSS V3.1
Score: 2.9
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Otavio Rodolfo Piske from the Apache Software Foundation