Generation of Error Message Containing Sensitive Information
CVE-2023-0833
Summary
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the "OKHttp" component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. This vulnerability affects com.squareup.okhttp3:okhttp package versions through 4.9.1, 4.10.0-RC1, and 5.0.0-alpha.1 through 5.0.0-alpha.2.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-209 - Generation of Error Message Containing Sensitive Information
The software generates an error message that includes sensitive information about its environment, users, or associated data.
References
Advisory Timeline
- Published