Skip to main content

Generation of Error Message Containing Sensitive Information

CVE-2023-0833

Severity Medium
Score 5.5/10

Summary

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the "OKHttp" component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. This vulnerability affects com.squareup.okhttp3:okhttp package versions through 4.9.1, 4.10.0-RC1, and 5.0.0-alpha.1 through 5.0.0-alpha.2.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-209 - Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.

Advisory Timeline

  • Published