CVE-2024-22371

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

CVSS v3 2.9 LOW

2.9^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.4 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://camel.apache.org/security/CVE-2024-22371.html	Vendor Advisory
https://camel.apache.org/security/CVE-2024-22371.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:camel::::::::
	cpe:2.3:a:apache:camel::-::::::*
	cpe:2.3:a:apache:camel::::::::
	cpe:2.3:a:apache:camel:3.22.0:::::::*

History

25 Apr 2025, 18:56

Type	Values Removed	Values Added
CPE		cpe:2.3:a:apache:camel:::::::: cpe:2.3:a:apache:camel::-::::::* cpe:2.3:a:apache:camel:3.22.0:::::::*
First Time		Apache Apache camel
References	~~() https://camel.apache.org/security/CVE-2024-22371.html -~~	() https://camel.apache.org/security/CVE-2024-22371.html - Vendor Advisory

21 Nov 2024, 08:56

Type	Values Removed	Values Added
References	~~() https://camel.apache.org/security/CVE-2024-22371.html -~~	() https://camel.apache.org/security/CVE-2024-22371.html -

31 Oct 2024, 13:35

Type	Values Removed	Values Added
CWE		CWE-922

26 Feb 2024, 16:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-26 16:27

Updated : 2025-04-25 18:56

NVD link : CVE-2024-22371

Mitre link : CVE-2024-22371

CVE.ORG link : CVE-2024-22371

JSON object : View

Products Affected

apache

camel

CWE

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2024-22371", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@apache.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-26T16:27:56.557", "references": [{"url": "https://camel.apache.org/security/CVE-2024-22371.html", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://camel.apache.org/security/CVE-2024-22371.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\n\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\n\n"}, {"lang": "es", "value": "Exposici\u00f3n de datos confidenciales mediante la creaci\u00f3n de un EventFactory malicioso y proporcionando un ExchangeCreatedEvent personalizado que expone datos confidenciales. Vulnerabilidad en Apache Camel. Este problema afecta a Apache Camel: desde 3.21.X hasta 3.21.3, desde 3.22.X hasta 3.22.0, desde 4.0.X hasta 4.0.3, desde 4.X hasta 4.3.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.21.4, 3.22.1, 4.0.4 o 4.4.0, que soluciona el problema."}], "lastModified": "2025-04-25T18:56:25.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538BED08-EC3A-4994-AD1C-2E55AF256D72", "versionEndExcluding": "3.21.4", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:apache:camel:*:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D74033D-CA38-4898-AAF5-9A326272C684", "versionEndExcluding": "4.0.4", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27A2B9B3-E722-442D-81B4-F2DE97C328FB", "versionEndExcluding": "4.4.0", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:apache:camel:3.22.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA31037D-507A-42D5-97BE-E57A85C9FF4F"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}