{"containers": {"cna": {"affected": [{"product": "resteasy", "vendor": "n/a", "versions": [{"status": "affected", "version": "resteasy 2.0.0.Alpha3"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-567", "description": "CWE-567", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-02T11:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210702-0003/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25724", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "resteasy", "version": {"version_data": [{"version_value": "resteasy 2.0.0.Alpha3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-567"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"}, {"name": "https://security.netapp.com/advisory/ntap-20210702-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210702-0003/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:40:36.746Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210702-0003/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25724", "datePublished": "2021-05-26T20:52:06", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2024-08-04T15:40:36.746Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*", "matchCriteriaId": "11F11745-4735-43A8-B94B-F262E3248225", "versionEndExcluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C58E1EC1-8340-422E-99F3-CCDB290AD8B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "3FA3AD77-B58D-4F0F-A6BF-CAA2E5F41D91", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*", "matchCriteriaId": "72CAE44C-9314-4931-82DE-F8F5C8787C3D", "versionEndExcluding": "1.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en RESTEasy, donde es proporcionada una respuesta incorrecta para una petici\u00f3n HTTP. Este fallo permite a un atacante conseguir acceso a informaci\u00f3n privilegiada. La mayor amenaza de esta vulnerabilidad es la confidencialidad y la integridad. Las versiones anteriores a resteasy versi\u00f3n 2.0.0.Alpha3 est\u00e1n afectadas"}], "id": "CVE-2020-25724", "lastModified": "2022-05-13T20:46:29.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-26T21:15:08.107", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210702-0003/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-567"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1004", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "resteasy", "product_name": "Text-Only RHOAR", "release_date": "2021-03-29T00:00:00Z"}], "bugzilla": {"description": "resteasy: information disclosure via HTTP response reuse", "id": "1899354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899354"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-567", "details": ["A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.", "A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity."], "name": "CVE-2020-25724", "public_date": "2020-11-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25724\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25724"], "threat_severity": "Moderate", "upstream_fix": "resteasy 2.0.0.Alpha3"}