Vulnerability details: VCID-4pm7-acja-aaar
Vulnerability ID VCID-4pm7-acja-aaar
Aliases CVE-2023-26049
GHSA-p26g-97m4-6q7c
Summary Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Weaknesses (4)
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:7637
ssvc Track https://access.redhat.com/errata/RHSA-2023:7637
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:7638
ssvc Track https://access.redhat.com/errata/RHSA-2023:7638
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:7639
ssvc Track https://access.redhat.com/errata/RHSA-2023:7639
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:7641
ssvc Track https://access.redhat.com/errata/RHSA-2023:7641
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0798
ssvc Track https://access.redhat.com/errata/RHSA-2024:0798
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0799
ssvc Track https://access.redhat.com/errata/RHSA-2024:0799
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0800
ssvc Track https://access.redhat.com/errata/RHSA-2024:0800
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0801
ssvc Track https://access.redhat.com/errata/RHSA-2024:0801
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:0804
ssvc Track https://access.redhat.com/errata/RHSA-2024:0804
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26049.json
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2023-26049
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2023-26049
epss 0.00237 https://api.first.org/data/v1/epss?cve=CVE-2023-26049
epss 0.00245 https://api.first.org/data/v1/epss?cve=CVE-2023-26049
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2023-26049
epss 0.01583 https://api.first.org/data/v1/epss?cve=CVE-2023-26049
epss 0.11577 https://api.first.org/data/v1/epss?cve=CVE-2023-26049
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr LOW https://github.com/advisories/GHSA-p26g-97m4-6q7c
cvssv3.1 3.5 https://github.com/eclipse/jetty.project
generic_textual LOW https://github.com/eclipse/jetty.project
cvssv3.1 2.4 https://github.com/eclipse/jetty.project/pull/9339
generic_textual LOW https://github.com/eclipse/jetty.project/pull/9339
cvssv3.1 2.4 https://github.com/eclipse/jetty.project/pull/9352
generic_textual LOW https://github.com/eclipse/jetty.project/pull/9352
cvssv3.1 2.4 https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217
generic_textual LOW https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217
cvssv3.1_qr LOW https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
cvssv3.1 3.5 https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
generic_textual LOW https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-26049
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-26049
cvssv3.1 2.4 https://security.netapp.com/advisory/ntap-20230526-0001
generic_textual LOW https://security.netapp.com/advisory/ntap-20230526-0001
cvssv3.1 3.5 https://www.debian.org/security/2023/dsa-5507
generic_textual LOW https://www.debian.org/security/2023/dsa-5507
cvssv3.1 2.4 https://www.rfc-editor.org/rfc/rfc2965
generic_textual LOW https://www.rfc-editor.org/rfc/rfc2965
cvssv3.1 2.4 https://www.rfc-editor.org/rfc/rfc6265
generic_textual LOW https://www.rfc-editor.org/rfc/rfc6265
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26049.json
https://api.first.org/data/v1/epss?cve=CVE-2023-26049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/eclipse/jetty.project
https://github.com/eclipse/jetty.project/pull/9339
https://github.com/eclipse/jetty.project/pull/9352
https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217
https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
https://security.netapp.com/advisory/ntap-20230526-0001
https://security.netapp.com/advisory/ntap-20230526-0001/
https://www.debian.org/security/2023/dsa-5507
https://www.rfc-editor.org/rfc/rfc2965
https://www.rfc-editor.org/rfc/rfc6265
2236341 https://bugzilla.redhat.com/show_bug.cgi?id=2236341
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:12.0.0:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:12.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:12.0.0:alpha2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:12.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:12.0.0:alpha3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:12.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-26049 https://nvd.nist.gov/vuln/detail/CVE-2023-26049
GHSA-p26g-97m4-6q7c https://github.com/advisories/GHSA-p26g-97m4-6q7c
GHSA-p26g-97m4-6q7c https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
RHSA-2023:5165 https://access.redhat.com/errata/RHSA-2023:5165
RHSA-2023:5441 https://access.redhat.com/errata/RHSA-2023:5441
RHSA-2023:7637 https://access.redhat.com/errata/RHSA-2023:7637
RHSA-2023:7638 https://access.redhat.com/errata/RHSA-2023:7638
RHSA-2023:7639 https://access.redhat.com/errata/RHSA-2023:7639
RHSA-2023:7641 https://access.redhat.com/errata/RHSA-2023:7641
RHSA-2024:0778 https://access.redhat.com/errata/RHSA-2024:0778
RHSA-2024:0797 https://access.redhat.com/errata/RHSA-2024:0797
RHSA-2024:0798 https://access.redhat.com/errata/RHSA-2024:0798
RHSA-2024:0799 https://access.redhat.com/errata/RHSA-2024:0799
RHSA-2024:0800 https://access.redhat.com/errata/RHSA-2024:0800
RHSA-2024:0801 https://access.redhat.com/errata/RHSA-2024:0801
RHSA-2024:0804 https://access.redhat.com/errata/RHSA-2024:0804
RHSA-2024:3385 https://access.redhat.com/errata/RHSA-2024:3385
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:7637
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/ Found at https://access.redhat.com/errata/RHSA-2023:7637
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:7638
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/ Found at https://access.redhat.com/errata/RHSA-2023:7638
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:7639
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/ Found at https://access.redhat.com/errata/RHSA-2023:7639
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:7641
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-22T16:12:35Z/ Found at https://access.redhat.com/errata/RHSA-2023:7641
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0798
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0798
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0799
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0799
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0800
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0800
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0801
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0801
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2024:0804
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-12T14:33:06Z/ Found at https://access.redhat.com/errata/RHSA-2024:0804
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26049.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/eclipse/jetty.project
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/eclipse/jetty.project/pull/9339
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/eclipse/jetty.project/pull/9352
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.51.v20230217
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-26049
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20230526-0001
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5507
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N Found at https://www.rfc-editor.org/rfc/rfc2965
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N Found at https://www.rfc-editor.org/rfc/rfc6265
Exploit Prediction Scoring System (EPSS)
Percentile 0.46001
EPSS Score 0.00113
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.