CVE-2020-25633
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-25633
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | sid | affected | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | affected | |
| debian | trixie | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jboss.resteasy:resteasy-client | >=4.0.0,<4.5.7.Final | 4.5.7.Final |
| Maven | org.jboss.resteasy:resteasy-client-microprofile | >=4.0.0,<4.5.7.Final | 4.5.7.Final |
| Maven | org.jboss.resteasy:resteasy-client | <3.14.0.Final | 3.14.0.Final |
| Maven | org.jboss.resteasy:resteasy-client-microprofile | <3.14.0.Final | 3.14.0.Final |
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-25633
- https://github.com/resteasy/Resteasy/pull/2665/commits/13c808b5967242eec1e877edbc0014a84dcd6eb0
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633
- https://issues.redhat.com/browse/RESTEASY-2820
- https://security-tracker.debian.org/tracker/CVE-2020-25633
Verify integrity in audit chain (admin only). AS-IS.