CVE-2023-25499
Summary
| CVE | CVE-2023-25499 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-22 13:15:00 UTC |
| Updated | 2023-06-30 16:32:00 UTC |
| Description | When adding non-visible components to the UI on the server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vaadin | Vaadin | All | All | All | All |
| Application | Vaadin | Vaadin | 24.1.0 | alpha1 | All | All |
| Application | Vaadin | Vaadin | 24.1.0 | alpha2 | All | All |
| Application | Vaadin | Vaadin | 24.1.0 | alpha3 | All | All |
| Application | Vaadin | Vaadin | 24.1.0 | alpha4 | All | All |
| Application | Vaadin | Vaadin | 24.1.0 | alpha5 | All | All |
| Application | Vaadin | Vaadin | 24.1.0 | alpha6 | All | All |
| Application | Vaadin | Vaadin | 24.1.0 | beta1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Disable sending updates to client for effectively non-visible nodes by tepi · Pull Request #15885 · vaadin/flow · GitHub | MISC | github.com | |
| CVE-2023-25499: Possible information disclosure in non visible components | MISC | vaadin.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.