A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CVE-2023-0833 - Medium Severity Vulnerability
Square’s meticulous HTTP client for Java and Kotlin.
Library home page: https://square.github.io/okhttp/
Path to dependency file: /pom.xml
Path to vulnerable library: /canner/.m2/repository/com/squareup/okhttp3/okhttp/4.9.0/okhttp-4.9.0.jar
Dependency Hierarchy: - :x: **okhttp-4.9.0.jar** (Vulnerable Library)
Found in HEAD commit: eb687271afab9d7c61ca82fce2ed4fdb3d5e1a70
Found in base branch: master
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
Publish Date: 2023-09-27
URL: CVE-2023-0833
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2023-09-27
Fix Resolution: 4.9.2