CVSS 3.1 Score 6.5 of 10 (medium)


Published Aug 8, 2023
Updated: Aug 16, 2023
CWE ID 200


CVE-2023-39951 is a vulnerability in OpenTelemetry Java Instrumentation prior to version 1.28.0 that affects Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field, which exposes the email subject and message in the trace request URL metadata. This poses a potential danger as the email content sent to SES may end up being exposed to unintended audiences. To remediate this vulnerability, users should update OpenTelemetry Java Instrumentation to version 1.28.0 or later. The vulnerability has a medium severity rating with a base score of 6.5 based on CVSS:3.1, indicating low privileges required and no user interaction needed, but high confidentiality impact.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-39951 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options