CVE-2024-22371

{"id": "CVE-2024-22371", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@apache.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-26T16:27:56.557", "references": [{"url": "https://camel.apache.org/security/CVE-2024-22371.html", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://camel.apache.org/security/CVE-2024-22371.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\n\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\n\n"}, {"lang": "es", "value": "Exposici\u00f3n de datos confidenciales mediante la creaci\u00f3n de un EventFactory malicioso y proporcionando un ExchangeCreatedEvent personalizado que expone datos confidenciales. Vulnerabilidad en Apache Camel. Este problema afecta a Apache Camel: desde 3.21.X hasta 3.21.3, desde 3.22.X hasta 3.22.0, desde 4.0.X hasta 4.0.3, desde 4.X hasta 4.3.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.21.4, 3.22.1, 4.0.4 o 4.4.0, que soluciona el problema."}], "lastModified": "2025-04-25T18:56:25.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538BED08-EC3A-4994-AD1C-2E55AF256D72", "versionEndExcluding": "3.21.4", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:apache:camel:*:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D74033D-CA38-4898-AAF5-9A326272C684", "versionEndExcluding": "4.0.4", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27A2B9B3-E722-442D-81B4-F2DE97C328FB", "versionEndExcluding": "4.4.0", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:apache:camel:3.22.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA31037D-507A-42D5-97BE-E57A85C9FF4F"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}