CVE-2022-29567

Description

In Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8, and 23.1.0.alpha1 through 23.1.0.alpha4, the default configuration of the TreeGrid component uses Object::toString as the item key in client-server communication. Because that key is sent to the browser with each row, every field that an item's toString() includes is disclosed to the client, even when the grid never renders it as a column. The result is potential information disclosure of values that should stay server-side.
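As an added illustration, not Vaadin's own code, the stand-alone Java program below models the two keying strategies side by side: a key mapper that reuses Object::toString (the vulnerable default described above) and an opaque server-side mapper. The class and method names (Employee, renderRows, OpaqueKeyMapper, payloadContains) are assumptions made for this demo, not Vaadin APIs, and the data is constructed. Only the name column is meant to be visible, yet the salary band shows up in the client payload when the key is derived from toString().

```java
import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;

/**
 * Added example, not Vaadin's code: a minimal model of a grid that sends one
 * row per item to the browser, tagged with a row key the client echoes back
 * for selection and expand/collapse. Employee, renderRows and OpaqueKeyMapper
 * are names assumed for this demo, not Vaadin APIs.
 */
public class TreeGridKeyLeakDemo {

    /** A typical domain bean whose generated-style toString() prints every field. */
    static final class Employee {
        final String name;
        final String salaryBand; // intended to stay server-side
        final String manager;

        Employee(String name, String salaryBand, String manager) {
            this.name = name;
            this.salaryBand = salaryBand;
            this.manager = manager;
        }

        @Override
        public String toString() {
            return "Employee{name=" + name + ", salaryBand=" + salaryBand
                    + ", manager=" + manager + "}";
        }
    }

    /**
     * Serialises the rows the client receives. Only "name" is a displayed
     * column; the "key" field is whatever the key mapper produces.
     */
    static String renderRows(List<Employee> items, Function<Employee, String> keyMapper) {
        StringBuilder out = new StringBuilder("[");
        for (int i = 0; i < items.size(); i++) {
            Employee e = items.get(i);
            if (i > 0) out.append(',');
            out.append("{\"key\":\"").append(keyMapper.apply(e))
               .append("\",\"name\":\"").append(e.name).append("\"}");
        }
        return out.append(']').toString();
    }

    /**
     * Hardened alternative: a sequential, opaque key per item instance. The
     * item stays in a server-side map and is looked up when the client sends
     * the key back, so nothing about the bean itself reaches the browser.
     */
    static final class OpaqueKeyMapper implements Function<Employee, String> {
        private final Map<Employee, String> keyOf = new IdentityHashMap<>();
        private final Map<String, Employee> itemOf = new HashMap<>();
        private int next = 1;

        @Override
        public String apply(Employee e) {
            String key = keyOf.get(e);
            if (key == null) {
                key = Integer.toString(next++);
                keyOf.put(e, key);
                itemOf.put(key, e);
            }
            return key;
        }

        Employee resolve(String key) {
            return itemOf.get(key);
        }
    }

    /** Review check: does a value that is not a displayed column appear in the payload? */
    static boolean payloadContains(String payload, String hiddenValue) {
        return payload.contains(hiddenValue);
    }

    public static void main(String[] args) {
        // Constructed sample data for the demo.
        List<Employee> staff = List.of(
                new Employee("Alice", "L7", "Carol"),
                new Employee("Bob", "L3", "Carol"));

        String vulnerable = renderRows(staff, Object::toString);
        String hardened = renderRows(staff, new OpaqueKeyMapper());

        System.out.println("toString key : " + vulnerable);
        System.out.println("salary band visible: " + payloadContains(vulnerable, "L7"));
        System.out.println("opaque key   : " + hardened);
        System.out.println("salary band visible: " + payloadContains(hardened, "L7"));
    }
}
```

Run it with `java TreeGridKeyLeakDemo.java` (Java 11 or later). The first check reports true, because the row key carries the entire toString() output, salary band and manager included; the second reports false, because the opaque key is just a counter and the bean never leaves the server. The practical lesson for affected versions is twofold: upgrade to a fixed release, and, as defence in depth, do not let entities with a generated all-fields toString() (for example a Lombok @Data JPA entity) be handed directly to UI components, since a framework may serialise that string in ways the column configuration does not show.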

Risk Information

Base Score
7.5 (HIGH on the CVSS v3.1 qualitative scale, which rates 7.0 to 8.9 as High)
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
(network-reachable, low attack complexity, no privileges or user interaction required; high confidentiality impact, no integrity or availability impact)
EPSS Score (exploitation probability)
0.267

Associated Vulnerability

Vulnerability     Product             Fixed in   OS Platform
CVE-2022-29567    Vaadin-vaadin       14.8.10    Windows
CVE-2022-29567    Vaadin-vaadin       22.0.15    Windows
CVE-2022-29567    Vaadin-vaadin       23.0.9     Windows
CVE-2022-29567    Vaadin--grid-flow   14.8.10    Windows
CVE-2022-29567    Vaadin--grid-flow   22.0.15    Windows
CVE-2022-29567    Vaadin--grid-flow   23.0.9     Windows
CVE-2022-29567    Vaadin-vaadin       14.8.10    Linux
CVE-2022-29567    Vaadin-vaadin       22.0.15    Linux
CVE-2022-29567    Vaadin-vaadin       23.0.9     Linux
CVE-2022-29567    Vaadin--grid-flow   14.8.10    Linux
CVE-2022-29567    Vaadin--grid-flow   22.0.15    Linux
CVE-2022-29567    Vaadin--grid-flow   23.0.9     Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2022-29567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29567