- Description: A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OkHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
- Source: secalert@redhat.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
- Hype score: Not currently trending
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEEBF288-A5A0-49DE-9291-249B9C805B35",
            "versionEndExcluding": "4.9.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29CDE024-A350-47DA-B96E-BA06F88551C3",
            "versionEndExcluding": "2.2.1"
          },
          {
            "criteria": "cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD874C55-C1CA-48D2-AF4F-3F30C17EC05A",
            "versionEndExcluding": "2.4.0",
            "versionStartIncluding": "2.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]