CVE-2023-3431: 
Java vulnerability analysis and mitigation

CVE-2023-3431 is an Improper Access Control vulnerability discovered in GitHub repository plantuml/plantuml affecting versions prior to 1.2023.9. The vulnerability was disclosed on June 27, 2023, and has been assigned a CVSS v3.1 base score of 5.3 (Medium) (NVD).

The vulnerability is related to improper access control mechanisms in PlantUML, specifically concerning local file read capabilities through the %load_json functionality. The issue has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it can be exploited remotely with low attack complexity, requires no privileges or user interaction, and primarily impacts confidentiality (NVD).

The vulnerability allows unauthorized access to local files through the PlantUML application, potentially leading to information disclosure. The CVSS score indicates that while the vulnerability can lead to unauthorized information access, it does not affect system integrity or availability (NVD).

The vulnerability has been fixed in PlantUML version 1.2023.9. Users are advised to upgrade to this version or later to address the security issue. The fix involves removing legacy ALLOW_INCLUDE functionality and implementing PLANTUML_SECURITY_PROFILE instead (GitHub Commit). Fedora has also released an update (version 1.2023.11-1.fc39) to address this vulnerability (Fedora Update).