Description
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Statement
Red Hat JBoss Enterprise Application Platform is not affected by this vulnerability. The flaw is rated Moderate rather than Important because sensitive data is exposed only under specific conditions: the password is revealed only if a user runs an invalid CLI command after the decoded secret has been placed in the command string, which is user-side misuse rather than a flaw in Infinispan's core authentication or encryption logic. The exposure is also confined to the local terminal or logs; it does not involve unauthorized remote access, privilege escalation, or systemic compromise.
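The pattern the description and statement refer to, as an added illustration that is not Infinispan's code or its fix: a toy CLI decodes a password from a Base64-encoded Kubernetes Secret, interpolates it into a command string, and, on an unrecognised command, echoes the whole string back in the error. The hardened dispatcher beside it names only the unrecognised token and redacts secret-carrying flags before anything is echoed. The command names, flag names and the Secret contents are constructed for the example.

```python
import base64
import shlex

# Constructed sample: the shape of a Kubernetes Secret as returned by the API,
# with the password Base64-encoded under .data (example data, not a real secret).
K8S_SECRET = {"data": {"password": base64.b64encode(b"s3cr3t-Pa55").decode()}}

# Hypothetical command set and secret-carrying flags for the toy CLI.
KNOWN_COMMANDS = {"connect", "get", "put"}
SENSITIVE_FLAGS = {"--password", "-p"}


class CommandNotFound(Exception):
    pass


def decode_secret(secret, key):
    """Decode one value from a Secret's .data map; the result is plaintext."""
    return base64.b64decode(secret["data"][key]).decode()


def build_line(command, user, password):
    """Put the decoded secret into the command string, as the advisory describes."""
    return f"{command} --user {shlex.quote(user)} --password {shlex.quote(password)}"


def dispatch_vulnerable(line):
    """CWE-209 pattern: the full command line, secret included, lands in the error."""
    argv = shlex.split(line)
    if not argv or argv[0] not in KNOWN_COMMANDS:
        raise CommandNotFound(f"Command not found: {line}")
    return argv[0]


def redact(argv):
    """Mask the value following a sensitive flag, in both '--flag value' and '--flag=value' forms."""
    out = []
    mask_next = False
    for tok in argv:
        if mask_next:
            out.append("***")
            mask_next = False
            continue
        if tok in SENSITIVE_FLAGS:
            out.append(tok)
            mask_next = True
            continue
        head, sep, _ = tok.partition("=")
        if sep and head in SENSITIVE_FLAGS:
            out.append(head + "=***")
            continue
        out.append(tok)
    return out


def dispatch_hardened(line):
    """Report only the unrecognised command name; any echoed argv is redacted first."""
    argv = shlex.split(line)
    if not argv or argv[0] not in KNOWN_COMMANDS:
        name = argv[0] if argv else "<empty>"
        shown = " ".join(redact(argv))
        raise CommandNotFound(f"Command not found: {name!r} (argv: {shown})")
    return argv[0]


def error_for(dispatcher, line):
    """Return the error text a user would see, or None if the command dispatched."""
    try:
        dispatcher(line)
    except CommandNotFound as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    pw = decode_secret(K8S_SECRET, "password")
    typo = build_line("conect", "admin", pw)  # mistyped 'connect'
    print(error_for(dispatch_vulnerable, typo))
    print(error_for(dispatch_hardened, typo))
```

Running the block shows the same typo once leaking the decoded password and once reported with the password masked; the check a practitioner wants is the second assertion below, that the secret never appears in the error text.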
Mitigation
Currently, no mitigation is available for this vulnerability.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 7 | infinispan-cli-client | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 8 | infinispan-cli-client | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | infinispan-cli-client | Not affected | | |
| Red Hat Data Grid 8.5.4 | infinispan-cli-client | Fixed | RHSA-2025:10130 | 2025-07-01 |
Additional information
CVSS3: 6.2 (Medium)
Related vulnerabilities
Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information (CVSS3: 6.2 Medium)