Transmission of Private Resources into a New Sphere ('Resource Leak')

CVE-2021-31410

High

8.6/10

Summary

Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')

The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.

References

Advisory Timeline

Published Apr 23, 2021

Transmission of Private Resources into a New Sphere ('Resource Leak')

CVE-2021-31410

Summary

CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS