Bug 1899354 (CVE-2020-25724)
| Summary: | CVE-2020-25724 resteasy: information disclosure via HTTP response reuse | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Chess Hazlett <chazlett> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | avibelli, bgeorges, chazlett, clement.escoffier, dandread, dkreling, gsmet, jbalunas, jochrist, jpallich, jwon, krathod, lthon, mszynkie, pgallagh, pjindal, probinso, rruss, rsvoboda, sbiarozk, sdouglas |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | resteasy 2.0.0.Alpha3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-03-29 11:35:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1898995 | ||
|
Description
Chess Hazlett
2020-11-18 23:18:15 UTC
This issue has been addressed in the following products: Red Hat build of Quarkus Via RHSA-2021:1004 https://access.redhat.com/errata/RHSA-2021:1004 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25724 |