CVE-2020-25633

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

Published: Sep 18, 2020
Updated: Nov 8, 2023
CVE: CVE-2020-25633
GHSA: GHSA-hr32-mgpm-qf2f
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-209

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
redhat / resteasy	-	3.14.0
redhat / resteasy	4.5.0	4.5.6.x
quarkus / quarkus	-	1.11.6.x
org.jboss.resteasy / resteasy-client	4.0.0	4.5.7.Final
org.jboss.resteasy / resteasy-client-microprofile	4.0.0	4.5.7.Final
org.jboss.resteasy / resteasy-client	-	3.14.0.Final
org.jboss.resteasy / resteasy-client-microprofile	-	3.14.0.Final

Vulnerability Database

289,599

CVE-2020-25633