CVE-2017-7683 – org.apache.openmeetings:openmeetings-parent

Package

Manager: maven
Name: org.apache.openmeetings:openmeetings-parent
Vulnerable Version: >=1.0.0 <3.3.0

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00609 pctl0.68763

Details

Apache OpenMeetings displays Tomcat version and detailed error stack trace Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. The issue is fixed in version 3.3.0.

Metadata

Created: 2022-05-17T02:28:11Z
Modified: 2022-11-22T18:56:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4v67-wg88-37p9/GHSA-4v67-wg88-37p9.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-4v67-wg88-37p9
Finding: F308
Auto approve: 1