CVE-2020-25724

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:resteasy:2.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:alpha2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

History

13 May 2022, 20:46

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210702-0003/ - Third Party Advisory

11 Jun 2021, 13:32

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:resteasy:2.0.0:-:*:*:*:*:*:* cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

03 Jun 2021, 19:53

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1899354 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1899354 - Issue Tracking, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 4.3
CPE cpe:2.3:a:redhat:resteasy:2.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:-:*:*:*:*:*:*

26 May 2021, 21:22

Type Values Removed Values Added
CWE CWE-567

26 May 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-26 21:15

Updated : 2022-05-13 20:46


NVD link : CVE-2020-25724

Mitre link : CVE-2020-25724


JSON object : View

Products Affected

quarkus

  • quarkus

redhat

  • resteasy
CWE
CWE-567

Unsynchronized Access to Shared Data in a Multithreaded Context