CVE-2023-34442

LOW

Apache Camel 3.0.0-3.14.8 3.18.0-3.18.7 3.20.0-3.20.5 4.0.0-M3 - Exposure of Sensitive Information

Title source: llm

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1

References (1)

Core 1

Core References

Mailing List, Vendor Advisory vendor-advisory

https://lists.apache.org/thread/x4vy2hhbltb1xrvy1g6m8hpjgj2k7wgh

Scores

CVSS v3 3.3

EPSS 0.0005

EPSS Percentile 14.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (3)

apache/camel 4.0.0 milestone1 (3 CPE variants)

apache/camel 3.0.0 - 3.14.9

org.apache.camel/camel-jira 3.0.0-M3 - 3.14.9Maven

Published Jul 10, 2023

Tracked Since Feb 18, 2026