First published: Mon Jul 10 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel. This issue affects Apache Camel from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <=3.20.5, and from 4.X through <=4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0; users on Camel 4.x should update to 4.0.0-RC1.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Camel | >=3.0.0, <3.14.9 | |
Apache Camel | >=3.18.0, <3.18.8 | |
Apache Camel | >=3.20.0, <3.20.6 | |
Apache Camel | =4.0.0-milestone1 | |
Apache Camel | =4.0.0-milestone2 | |
Apache Camel | =4.0.0-milestone3 | |
maven/org.apache.camel:camel-jira | >=4.0.0-M1, <=4.0.0-M3 | 4.0.0-RC1 |
maven/org.apache.camel:camel-jira | >=3.20.0, <3.20.6 | 3.20.6 |
maven/org.apache.camel:camel-jira | >=3.15.0, <3.18.8 | 3.18.8 |
maven/org.apache.camel:camel-jira | >=3.0.0-M3, <3.14.9 | 3.14.9 |
CVE-2023-34442 is a vulnerability that involves exposure of sensitive information to an unauthorized actor in Apache Camel.
CVE-2023-34442 affects Apache Camel versions 3.X through <=3.14.8, 3.18.X through <=3.18.7, 3.20.X through <=3.20.5, and 4.X through <=4.0.0-M3.
The severity of CVE-2023-34442 is low, with a severity value of 3.3.
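To fix CVE-2023-34442, users should upgrade to Apache Camel version 3.14.9 or higher: 3.18.8 on the 3.18.x line, 3.20.6 on the 3.20.x line, or 3.21.0, and 4.0.0-RC1 for users on Camel 4.x.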
More information about CVE-2023-34442 can be found in the references provided: [Apache mailing list thread](https://lists.apache.org/thread/x4vy2hhbltb1xrvy1g6m8hpjgj2k7wgh), [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2023-34442), [Apache Camel commit](https://github.com/apache/camel/commit/b61d5b6be4f98b673dc977ad1bc6f004642644ab).