CVE-2023-0833

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
References
Link Resource
https://access.redhat.com/errata/RHSA-2023:1241 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:3223 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-0833 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2169845 Issue Tracking Third Party Advisory
https://github.com/square/okhttp/issues/6738 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*

History

02 Oct 2023, 19:26

Type Values Removed Values Added
References (MISC) https://github.com/square/okhttp/issues/6738 - (MISC) https://github.com/square/okhttp/issues/6738 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-0833 - (MISC) https://access.redhat.com/security/cve/CVE-2023-0833 - Third Party Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:3223 - (MISC) https://access.redhat.com/errata/RHSA-2023:3223 - Third Party Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:1241 - (MISC) https://access.redhat.com/errata/RHSA-2023:1241 - Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2169845 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2169845 - Issue Tracking, Third Party Advisory
CWE CWE-209
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:a-mq_streams:*:*:*:*:*:*:*:*
First Time Squareup
Squareup okhttp
Redhat
Redhat a-mq Streams

27 Sep 2023, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:16

Updated : 2023-12-10 15:14


NVD link : CVE-2023-0833

Mitre link : CVE-2023-0833

CVE.ORG link : CVE-2023-0833


JSON object : View

Products Affected

redhat

  • a-mq_streams

squareup

  • okhttp
CWE
CWE-209

Generation of Error Message Containing Sensitive Information