Fluid Attacks Database

Description

Generation of Error Message Containing Sensitive Information in RESTEasy client A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jboss.resteasy:resteasy-jaxrs	>=0 <3.14.0 \|\| >=4.5.0 <=4.5.6	3.14.0.final
maven	org.jboss.resteasy:resteasy-client-microprofile	>=4.0.0 <4.5.7.final \|\| >=0 <3.14.0.final	4.5.7.final, 3.14.0.final
debian 11	resteasy3.0	=3.0.26-2 \|\| =3.0.26-3 \|\| =3.0.26-4 \|\| =3.0.26-5 \|\| =3.0.26-6	-
debian 13	resteasy3.0	=3.0.26-6	-
maven	org.jboss.resteasy:resteasy-client	>=4.0.0 <4.5.7.final \|\| >=0 <3.14.0.final	4.5.7.final, 3.14.0.final
debian 12	resteasy3.0	=3.0.26-6	-
debian 14	resteasy3.0	=3.0.26-6	-
rpm rhel7	resteasy-base	-	-
rpm rhel8	resteasy	-	-

Aliases

1. CVE-2020-256332. NVD-2020-256333. OSV-2020-256334. OSV-DEBIAN-2020-256335. GCVE-2020-256336. bugzilla.redhat.com7. SECURITY-TRACKER-CVE-2020-25633

References

1. https://github.com/resteasy/Resteasy/pull/2665/commits/13c808b5967242eec1e877edbc0014a84dcd6eb02. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-256333. https://issues.redhat.com/browse/RESTEASY-2820