CVE-2021-31403
Description
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack
Risk Information
Base Score
2.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.1
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-31403 are fixed in Vaadin-vaadin-server 7.7.24 | Windows |
| Vulnerabilities CVE-2021-31403 are fixed in Vaadin-vaadin-server 8.12.3 | Windows |
| Vulnerabilities CVE-2021-31403 are fixed in Vaadin - vaadin-bom 7.7.24 | Windows |
| Vulnerabilities CVE-2021-31403 are fixed in Vaadin - vaadin-bom 8.12.3 | Windows |
| Vulnerabilities CVE-2021-31403 are fixed in Vaadin-vaadin-server for Linux 7.7.24 | Linux |
| Vulnerabilities CVE-2021-31403 are fixed in Vaadin-vaadin-server for Linux 8.12.3 | Linux |
| Vulnerabilities CVE-2021-31403 are fixed in Vaadin - vaadin-bom for Linux 7.7.24 | Linux |
| Vulnerabilities CVE-2021-31403 are fixed in Vaadin - vaadin-bom for Linux 8.12.3 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234