CVE-2023-6839

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

D

ue to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.

References

Link	Resource
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/	Vendor Advisory
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wso2:api_manager:3.0.0:::::::*
	cpe:2.3:a:wso2:api_manager:3.1.0:::::::*
	cpe:2.3:a:wso2:api_manager:3.2.0:::::::*
	cpe:2.3:a:wso2:api_manager:4.0.0:::::::*

History

21 Nov 2024, 08:44

Type	Values Removed	Values Added
References	~~() https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/ - Vendor Advisory~~	() https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/ - Vendor Advisory

Information

Published : 2023-12-15 11:15

Updated : 2024-11-21 08:44

NVD link : CVE-2023-6839

Mitre link : CVE-2023-6839

CVE.ORG link : CVE-2023-6839

JSON object : View

Products Affected

api_manager

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2023-6839", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-12-15T11:15:48.003", "references": [{"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/", "tags": ["Vendor Advisory"], "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"}, {"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1334/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "description": [{"lang": "en", "value": "CWE-209"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.\n\n"}, {"lang": "es", "value": "Debido a un manejo inadecuado de errores, un recurso de API REST podr\u00eda exponer un error del lado del servidor que contenga un nombre de paquete interno espec\u00edfico de WSO2 en la respuesta HTTP."}], "lastModified": "2024-11-21T08:44:39.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF14774-8935-4FC9-B5C8-9771B3D6EBFD"}, {"criteria": "cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1344FB79-0796-445C-A8F3-C03E995925D1"}, {"criteria": "cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E31E32CD-497E-4EF5-B3FC-8718EE06EDAD"}, {"criteria": "cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E21D7ABF-C328-425D-B914-618C7628220B"}], "operator": "OR"}]}], "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8"}