CVE-2020-25724

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1899354 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:alpha2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

History

11 Jun 2021, 13:32

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:resteasy:2.0.0:-:*:*:*:*:*:* cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

03 Jun 2021, 19:53

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 4.3
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1899354 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1899354 - Issue Tracking, Vendor Advisory
CPE cpe:2.3:a:redhat:resteasy:2.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:-:*:*:*:*:*:*

26 May 2021, 21:22

Type Values Removed Values Added
CWE CWE-567

26 May 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-26 21:15

Updated : 2021-07-02 12:15


NVD link : CVE-2020-25724

Mitre link : CVE-2020-25724


JSON object : View

Products Affected

redhat

  • resteasy

quarkus

  • quarkus
CWE
CWE-567

Unsynchronized Access to Shared Data in a Multithreaded Context