OpenCVE

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Spring Data Rest

Configuration 1 [-]

OR	cpe:2.3:a:vmware:spring_data_rest::::::::
	cpe:2.3:a:vmware:spring_data_rest::::::::

No data.

References

Link	Providers
https://tanzu.vmware.com/security/cve-2022-31679

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2022-09-21T17:42:42

Updated: 2024-08-03T07:26:00.992Z

Reserved: 2022-05-25T00:00:00

Link: CVE-2022-31679

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-21T18:15:10.093

Modified: 2024-11-21T07:05:06.730

Link: CVE-2022-31679

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spring Data REST", "vendor": "n/a", "versions": [{"status": "affected", "version": "Spring Data REST Versions before 3.6.7 and 3.7.3"}]}], "descriptions": [{"lang": "en", "value": "Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes."}], "problemTypes": [{"descriptions": [{"description": "Potential Unintended Data Exposure for Resource Exposed", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-21T17:42:42", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://tanzu.vmware.com/security/cve-2022-31679"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2022-31679", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spring Data REST", "version": {"version_data": [{"version_value": "Spring Data REST Versions before 3.6.7 and 3.7.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Potential Unintended Data Exposure for Resource Exposed"}]}]}, "references": {"reference_data": [{"name": "https://tanzu.vmware.com/security/cve-2022-31679", "refsource": "MISC", "url": "https://tanzu.vmware.com/security/cve-2022-31679"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:00.992Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tanzu.vmware.com/security/cve-2022-31679"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2022-31679", "datePublished": "2022-09-21T17:42:42", "dateReserved": "2022-05-25T00:00:00", "dateUpdated": "2024-08-03T07:26:00.992Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}