CVE-2020-25724

Name: CVE-2020-25724
Description: A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| resteasy (PTS) | sid | 3.6.2-2 | vulnerable |
| resteasy3.0 (PTS) | buster | 3.0.26-1 | vulnerable |
| resteasy3.0 (PTS) | bookworm, sid, bullseye | 3.0.26-2 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| resteasy | source | (unstable) | (unfixed) | | | |
| resteasy3.0 | source | (unstable) | (unfixed) | | | |

Notes

[bullseye] - resteasy3.0 <no-dsa> (Minor issue)
[buster] - resteasy3.0 <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM)
