Skip to main content

Eclipse Dataspace Components

2 CVEs product

Monthly

CVE-2024-9202 MEDIUM PATCH This Month

In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Eclipse Dataspace Components
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8642 Maven MEDIUM PATCH This Month

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Eclipse Dataspace Components
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Eclipse Dataspace Components
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Eclipse Dataspace Components
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy