CVE-2022-31679 - OpenCVE

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Spring Data Rest

Configuration 1 [-]

OR	cpe:2.3:a:vmware:spring_data_rest::::::::
	cpe:2.3:a:vmware:spring_data_rest::::::::

References

Link	Resource
https://tanzu.vmware.com/security/cve-2022-31679	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2022-09-21T17:42:42

Updated: 2022-09-21T17:42:42

Reserved: 2022-05-25T00:00:00

Link: CVE-2022-31679

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-21T18:15:10.093

Modified: 2022-09-22T19:42:21.610

Link: CVE-2022-31679

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Spring Data REST", "vendor": "n/a", "versions": [{"status": "affected", "version": "Spring Data REST Versions before 3.6.7 and 3.7.3"}]}], "descriptions": [{"lang": "en", "value": "Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes."}], "problemTypes": [{"descriptions": [{"description": "Potential Unintended Data Exposure for Resource Exposed", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-21T17:42:42", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://tanzu.vmware.com/security/cve-2022-31679"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2022-31679", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spring Data REST", "version": {"version_data": [{"version_value": "Spring Data REST Versions before 3.6.7 and 3.7.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Potential Unintended Data Exposure for Resource Exposed"}]}]}, "references": {"reference_data": [{"name": "https://tanzu.vmware.com/security/cve-2022-31679", "refsource": "MISC", "url": "https://tanzu.vmware.com/security/cve-2022-31679"}]}}}}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2022-31679", "datePublished": "2022-09-21T17:42:42", "dateReserved": "2022-05-25T00:00:00", "dateUpdated": "2022-09-21T17:42:42", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}