Skip to main content

Ktor CVE-2023-34339

LOW
Error Message Information Leak (CWE-209)
2023-06-01 cve@jetbrains.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 01, 2023 - 19:15 nvd
LOW 3.3

DescriptionNVD

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message

AnalysisAI

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-209. In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message Affected products include: Jetbrains Ktor. Version information: before 2.3.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Ktor

View all
CVE-2019-19703 MEDIUM POC
6.1 Dec 10

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. Rated medium s

CVE-2023-45612 CRITICAL
9.8 Oct 09

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE. Rated

CVE-2019-12736 CRITICAL
9.8 Oct 02

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, lead

CVE-2019-19389 MEDIUM POC
5.4 Dec 26

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. Rated medium severity (CVSS 5.4

CVE-2023-45613 CRITICAL
9.1 Oct 09

In JetBrains Ktor before 2.3.5 server certificates were not verified. Rated critical severity (CVSS 9.1), this vulnerabi

CVE-2019-10102 HIGH
8.1 Jul 03

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an

CVE-2021-43203 HIGH
7.5 Nov 09

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. R

CVE-2020-5207 HIGH
7.5 Jan 27

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and T

CVE-2022-38180 MEDIUM
6.5 Aug 12

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases. Rated medium severity

CVE-2020-26129 MEDIUM
6.5 Nov 16

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Rated medium severity (CVSS 6.5), this vulnerabilit

CVE-2022-38179 MEDIUM
6.1 Aug 12

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack. Rated medium severity (CVSS 6.1), this v

CVE-2025-29904 MEDIUM
5.3 Mar 12

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible. Rated medium severity (CVSS 5.3), this vulnerabil

Share

CVE-2023-34339 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy