CVE-2024-22371
Apache Camel issue on ExchangeCreatedEvent
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.
Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
Exposición de datos confidenciales mediante la creación de un EventFactory malicioso y proporcionando un ExchangeCreatedEvent personalizado que expone datos confidenciales. Vulnerabilidad en Apache Camel. Este problema afecta a Apache Camel: desde 3.21.X hasta 3.21.3, desde 3.22.X hasta 3.22.0, desde 4.0.X hasta 4.0.3, desde 4.X hasta 4.3.0. Se recomienda a los usuarios actualizar a la versión 3.21.4, 3.22.1, 4.0.4 o 4.4.0, que soluciona el problema.
A flaw was found in Apache Camel. This issue may allow an attacker to expose sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-09 CVE Reserved
- 2024-02-26 CVE Published
- 2024-02-27 EPSS Updated
- 2024-10-31 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-201: Insertion of Sensitive Information Into Sent Data
- CWE-922: Insecure Storage of Sensitive Information
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://camel.apache.org/security/CVE-2024-22371.html | 2024-02-26 | |
https://access.redhat.com/security/cve/CVE-2024-22371 | 2024-06-24 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2266024 | 2024-06-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Camel Search vendor "Apache Software Foundation" for product "Apache Camel" | >= 3.21.0 <= 3.21.3 Search vendor "Apache Software Foundation" for product "Apache Camel" and version " >= 3.21.0 <= 3.21.3" | en |
Affected
| ||||||
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Camel Search vendor "Apache Software Foundation" for product "Apache Camel" | 3.22.0 Search vendor "Apache Software Foundation" for product "Apache Camel" and version "3.22.0" | en |
Affected
| ||||||
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Camel Search vendor "Apache Software Foundation" for product "Apache Camel" | >= 4.0.0 <= 4.0.3 Search vendor "Apache Software Foundation" for product "Apache Camel" and version " >= 4.0.0 <= 4.0.3" | en |
Affected
| ||||||
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Camel Search vendor "Apache Software Foundation" for product "Apache Camel" | >= 4.0.0 <= 4.3.0 Search vendor "Apache Software Foundation" for product "Apache Camel" and version " >= 4.0.0 <= 4.3.0" | en |
Affected
|