CVE-2020-25724 - Unsynchronized Access to Shared Data in a Multithreaded Context vulnerability in multiple products

CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
network, low complexity, redhat, quarkus, CWE-567

Summary

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.

Vulnerable Configurations

Part         Description  Count
Application  Redhat       9
Application  Quarkus      114

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Deadlock
    This attack attempts to trigger and exploit a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions are not easy to detect.