CVE-2020-25633
MEDIUM
RESTEasy < 4.5.6.Final - Information Disclosure via WebApplicationException Error Message
Title source: llm
Description
A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server receives a WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633
Scores
CVSS v3
5.3
EPSS
0.0019
EPSS Percentile
40.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-209
Status
published
Products (4)
org.jboss.resteasy/resteasy-client
4.0.0 - 4.5.7.Final (Maven)
org.jboss.resteasy/resteasy-client-microprofile
4.0.0 - 4.5.7.Final (Maven)
quarkus/quarkus
< 1.11.6
redhat/resteasy
< 3.14.0
Published
Sep 18, 2020
Tracked Since
Feb 18, 2026