Description
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
References
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
- Vendor Advisory
- Vendor Advisory
- Issue Tracking
Vulnerable configurations
Configuration 1
Version before 8.4.6 (excluding)
cpe:2.3:a:redhat:data_grid:*:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
Configuration 3
cpe:2.3:a:infinispan:infinispan:-:*:*:*:*:*:*:*
EPSS
Percentile: 61%
0.00414
Low
7.2 High
CVSS3
2.7 Low
CVSS3
Weaknesses
CWE-312
CWE-312
Related vulnerabilities
CVSS3: 7.2
redhat
about 2 years ago
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.