Description
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
Statement
Red Hat evaluated this vulnerability and determined that it only affects Infinispan's server component, so Red Hat JBoss Enterprise Application Platform (EAP) and other products that may run Infinispan are not affected.
Mitigation
The issue's impact is limited because only users with administrator permissions can retrieve the cache configurations, and the recommended approach for connecting via JDBC is using the datasource configuration, which does not expose the database credentials.
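As an added illustration of the recommended approach (not configuration from the advisory or the Infinispan project), the fragment below shows a JDBC cache store that embeds database credentials in the cache definition next to the datasource-based form, where the cache only references a server-level datasource by JNDI name and the serialized cache configuration therefore carries no password. Schema namespace versions, the cache name, the JNDI name and all connection values are assumptions or placeholders.

```xml
<!-- Weak form (assumed element names; adjust the namespace version to the
     deployed Infinispan release): the username and password live inside the
     cache configuration, so any export of this cache's config to
     XML/JSON/YAML would include them. -->
<distributed-cache name="inline-creds-cache">
  <persistence>
    <string-keyed-jdbc-store xmlns="urn:infinispan:config:store:jdbc:15.0"
                             dialect="POSTGRES">
      <connection-pool connection-url="jdbc:postgresql://DB_HOST:5432/DB_NAME"
                       driver="org.postgresql.Driver"
                       username="DB_USER"
                       password="DB_PASSWORD_PLACEHOLDER"/>
      <string-keyed-table create-on-start="true" prefix="ISPN_STRING_TABLE">
        <id-column name="ID_COLUMN" type="VARCHAR(255)"/>
        <data-column name="DATA_COLUMN" type="BYTEA"/>
        <timestamp-column name="TIMESTAMP_COLUMN" type="BIGINT"/>
        <segment-column name="SEGMENT_COLUMN" type="INT"/>
      </string-keyed-table>
    </string-keyed-jdbc-store>
  </persistence>
</distributed-cache>

<!-- Recommended form: credentials are defined once in the server
     configuration (not part of any cache definition) and the cache refers
     to the datasource only by its JNDI name. -->
<server xmlns="urn:infinispan:server:15.0">
  <data-sources>
    <data-source name="postgres-ds" jndi-name="jdbc/postgres">
      <connection-factory driver="org.postgresql.Driver"
                          url="jdbc:postgresql://DB_HOST:5432/DB_NAME"
                          username="DB_USER"
                          password="DB_PASSWORD_PLACEHOLDER"/>
      <connection-pool max-size="10" min-size="1"/>
    </data-source>
  </data-sources>
</server>

<distributed-cache name="datasource-cache">
  <persistence>
    <string-keyed-jdbc-store xmlns="urn:infinispan:config:store:jdbc:15.0"
                             dialect="POSTGRES">
      <!-- Only the JNDI reference is serialized with the cache config. -->
      <data-source jndi-url="jdbc/postgres"/>
      <string-keyed-table create-on-start="true" prefix="ISPN_STRING_TABLE">
        <id-column name="ID_COLUMN" type="VARCHAR(255)"/>
        <data-column name="DATA_COLUMN" type="BYTEA"/>
        <timestamp-column name="TIMESTAMP_COLUMN" type="BIGINT"/>
        <segment-column name="SEGMENT_COLUMN" type="INT"/>
      </string-keyed-table>
    </string-keyed-jdbc-store>
  </persistence>
</distributed-cache>
```

A quick check after switching: export the cache configuration through the server's admin interface and confirm that the output contains the `jndi-url` reference and no `username` or `password` attributes.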
Additional information
Status:
EPSS
CVSS3: 7.2 High