CVE-2023-34442 – org.apache.camel:camel-jira

Package

Manager: maven
Name: org.apache.camel:camel-jira
Vulnerable Version: >=3.0.0-m3 <3.14.9 || >=3.15.0 <3.18.8 || >=3.20.0 <3.20.6 || >=4.0.0-m1 <4.0.0-rc1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00043 pctl0.12468

Details

Apache Camel information exposure vulnerability Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-RC1

Metadata

Created: 2023-07-10T18:30:49Z
Modified: 2023-07-19T10:49:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-6g2w-257v-3c9f/GHSA-6g2w-257v-3c9f.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-6g2w-257v-3c9f
Finding: F017
Auto approve: 1