CVE-2023-0833 - OpenCVE

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	A-mq Streams
Squareup	Okhttp

Configuration 1 [-]

cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:a-mq_streams::::::::
	cpe:2.3:a:redhat:a-mq_streams::::::::

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:1241	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:3223	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-0833	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2169845	Issue Tracking Third Party Advisory
https://github.com/square/okhttp/issues/6738	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-27T13:41:12.626Z

Updated: 2024-05-03T15:32:31.729Z

Reserved: 2023-02-14T18:56:25.296Z

Link: CVE-2023-0833

JSON object: View

NVD Information

Status : Modified

Published: 2023-09-27T15:16:03.257

Modified: 2023-11-07T04:01:33.210

Link: CVE-2023-0833

JSON object: View

Redhat Information

No data.

CWE

CWE-209

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-0833", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-02-14T18:56:25.296Z", "datePublished": "2023-09-27T13:41:12.626Z", "dateUpdated": "2024-05-03T15:32:31.729Z"}, "containers": {"cna": {"title": "Red hat a-mq streams: component version with information disclosure flaw", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions."}], "affected": [{"versions": [{"status": "unaffected", "version": "4.9.2"}], "packageName": "okhttp", "collectionURL": "https://github.com/square/okhttp"}, {"vendor": "Red Hat", "product": "Red Hat AMQ Streams 2.2.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "okhttp", "cpes": ["cpe:/a:redhat:amq_streams:2"]}, {"vendor": "Red Hat", "product": "Red Hat AMQ Streams 2.4.0", "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:amq_streams:2"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:1241", "name": "RHSA-2023:1241", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:3223", "name": "RHSA-2023:3223", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-0833", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169845", "name": "RHBZ#2169845", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/square/okhttp/issues/6738"}], "datePublic": "2023-02-14T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information", "timeline": [{"lang": "en", "time": "2023-02-14T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-02-14T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-05-03T15:32:31.729Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEEBF288-A5A0-49DE-9291-249B9C805B35", "versionEndExcluding": "4.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*", "matchCriteriaId": "29CDE024-A350-47DA-B96E-BA06F88551C3", "versionEndExcluding": "2.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD874C55-C1CA-48D2-AF4F-3F30C17EC05A", "versionEndExcluding": "2.4.0", "versionStartIncluding": "2.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en AMQ-Streams de Red Hat, que incluye una versi\u00f3n del componente OKHttp con una falla de divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de una excepci\u00f3n activada por un encabezado que contiene un valor ilegal. Este problema podr\u00eda permitir que un atacante autenticado acceda a informaci\u00f3n fuera de sus permisos habituales."}], "id": "CVE-2023-0833", "lastModified": "2023-11-07T04:01:33.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-09-27T15:16:03.257", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:1241"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:3223"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-0833"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169845"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/square/okhttp/issues/6738"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "secalert@redhat.com", "type": "Secondary"}]}