Home > Vulnerability Database > CVE-2023-25499

Mend.io Vulnerability Database

CVE-2023-25499

Good to know:

Date: June 22, 2023

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.

Language: Java

Severity Score

5.7

Related Resources (6)

Url: https://vaadin.com/security/CVE-2023-25499

Url: https://github.com/vaadin/platform/security/advisories/GHSA-5f9v-mv5g-jh5q

Url: https://github.com/vaadin/platform

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25499

Url: https://github.com/vaadin/flow/pull/15885

Url: https://www.mend.io/vulnerability-database/CVE-2023-25499

Severity Score

5.7

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insertion of Sensitive Information Into Sent Data

CWE-201

Top Fix

Upgrade Version

Upgrade to version 1.0.20,2.8.10,9.1.1,23.3.11;24.0.8

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25499

Good to know:

Date: June 22, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?