Search criteria
3 vulnerabilities found for designer by vaadin
FKIE_CVE-2021-31410
Vulnerability from fkie_nvd - Published: 2021-04-23 17:15 - Updated: 2024-11-21 06:05
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
References
| URL | Tags | ||
|---|---|---|---|
| security@vaadin.com | https://vaadin.com/security/cve-2021-31410 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vaadin.com/security/cve-2021-31410 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vaadin:designer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E732F75A-8B10-4FB7-9086-C043F9249875",
"versionEndExcluding": "4.6.4",
"versionStartIncluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
},
{
"lang": "es",
"value": "Una configuraci\u00f3n demasiado relajada del servidor de recursos frontend en Vaadin Designer versiones 4.3.0 hasta 4.6.3, permite a atacantes remotos acceder a fuentes del proyecto por medio de una petici\u00f3n HTTP dise\u00f1ada"
}
],
"id": "CVE-2021-31410",
"lastModified": "2024-11-21T06:05:36.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security@vaadin.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-23T17:15:08.297",
"references": [
{
"source": "security@vaadin.com",
"tags": [
"Vendor Advisory"
],
"url": "https://vaadin.com/security/cve-2021-31410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"sourceIdentifier": "security@vaadin.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-402"
}
],
"source": "security@vaadin.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-31410 (GCVE-0-2021-31410)
Vulnerability from cvelistv5 – Published: 2021-04-23 16:08 – Updated: 2024-09-17 02:37
VLAI?
Title
Project sources exposure in Vaadin Designer
Summary
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
Severity ?
8.6 (High)
CWE
- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Designer",
"vendor": "Vaadin",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T16:08:30",
"orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"shortName": "Vaadin"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Project sources exposure in Vaadin Designer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@vaadin.com",
"DATE_PUBLIC": "2021-04-22T12:29:00.000Z",
"ID": "CVE-2021-31410",
"STATE": "PUBLIC",
"TITLE": "Project sources exposure in Vaadin Designer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Designer",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "",
"version_value": "4.3.0"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "",
"version_value": "4.6.3 +1"
}
]
}
}
]
},
"vendor_name": "Vaadin"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vaadin.com/security/cve-2021-31410",
"refsource": "MISC",
"url": "https://vaadin.com/security/cve-2021-31410"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"assignerShortName": "Vaadin",
"cveId": "CVE-2021-31410",
"datePublished": "2021-04-23T16:08:31.003622Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-17T02:37:25.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31410 (GCVE-0-2021-31410)
Vulnerability from nvd – Published: 2021-04-23 16:08 – Updated: 2024-09-17 02:37
VLAI?
Title
Project sources exposure in Vaadin Designer
Summary
Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request.
Severity ?
8.6 (High)
CWE
- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Designer",
"vendor": "Vaadin",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T16:08:30",
"orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"shortName": "Vaadin"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vaadin.com/security/cve-2021-31410"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Project sources exposure in Vaadin Designer",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@vaadin.com",
"DATE_PUBLIC": "2021-04-22T12:29:00.000Z",
"ID": "CVE-2021-31410",
"STATE": "PUBLIC",
"TITLE": "Project sources exposure in Vaadin Designer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Designer",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "",
"version_value": "4.3.0"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "",
"version_value": "4.6.3 +1"
}
]
}
}
]
},
"vendor_name": "Vaadin"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Overly relaxed configuration of frontend resources server in Vaadin Designer versions 4.3.0 through 4.6.3 allows remote attackers to access project sources via crafted HTTP request."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vaadin.com/security/cve-2021-31410",
"refsource": "MISC",
"url": "https://vaadin.com/security/cve-2021-31410"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"assignerShortName": "Vaadin",
"cveId": "CVE-2021-31410",
"datePublished": "2021-04-23T16:08:31.003622Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-17T02:37:25.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}