CVE-2020-25724

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:alpha2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:18

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=1899354 - Issue Tracking, Vendor Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1899354 - Issue Tracking, Vendor Advisory
References () https://security.netapp.com/advisory/ntap-20210702-0003/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20210702-0003/ - Third Party Advisory

13 May 2022, 20:46

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210702-0003/ - Third Party Advisory

11 Jun 2021, 13:32

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:resteasy:2.0.0:-:*:*:*:*:*:* cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

03 Jun 2021, 19:53

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 4.3
CPE cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:alpha1:*:*:*:*:*:*
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1899354 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1899354 - Issue Tracking, Vendor Advisory

26 May 2021, 21:22

Type Values Removed Values Added
CWE CWE-567

26 May 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-26 21:15

Updated : 2024-11-21 05:18


NVD link : CVE-2020-25724

Mitre link : CVE-2020-25724

CVE.ORG link : CVE-2020-25724


JSON object : View

Products Affected

quarkus

  • quarkus

redhat

  • resteasy
CWE
CWE-567

Unsynchronized Access to Shared Data in a Multithreaded Context