Description
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Mitigation
Currently, no mitigation is available for this vulnerability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat JBoss Enterprise Application Platform 7 | infinispan-cli-client | Affected | | |
Red Hat JBoss Enterprise Application Platform 8 | infinispan-cli-client | Affected | | |
Red Hat JBoss Enterprise Application Platform Expansion Pack | infinispan-cli-client | Affected | | |
Red Hat Data Grid 8.5.4 | infinispan-cli-client | Fixed | RHSA-2025:10130 | 01.07.2025 |
Additional information
Status: Moderate
Defect: CWE-209
https://bugzilla.redhat.com/show_bug.cgi?id=2370429 infinispan: Credential Leakage in Infinispan CLI
EPSS: 0.00015 (percentile: 2%, Low)
CVSS3: 6.2 Medium
Related vulnerabilities
CVSS3: 6.2
nvd
20 days ago
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
CVSS3: 6.2
github
20 days ago
Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information