ByteOS Network

CVE Vulnerability Details :

CVE-2022-31679

PUBLISHED

More Info Official Page

Assigner-vmware

Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d

Published At-21 Sep, 2022 | 17:42

Updated At-22 May, 2025 | 18:32

▼CVE Numbering Authority (CNA)

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.

Affected Products

Vendor

n/a

Product

Spring Data REST

Versions

Affected

Spring Data REST Versions before 3.6.7 and 3.7.3

Problem Types

Type	CWE ID	Description
text	N/A	Potential Unintended Data Exposure for Resource Exposed

References

Hyperlink	Resource
https://tanzu.vmware.com/security/cve-2022-31679	x_refsource_MISC

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://tanzu.vmware.com/security/cve-2022-31679	x_refsource_MISC x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-noinfo	CWE-noinfo Not enough information

Metrics

Version	Base score	Base severity	Vector
3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References