Lucene search
HistoryApr 25, 2024 - 5:15 p.m.
CVE-2024-1102
cve-2024-1102
vulnerability
jberet-core
logging
user credentials
database-connection
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.1%
A vulnerability was found in jberet-core logging. An exception in ‘dbProperties’ might display user credentials such as the username and password for the database-connection.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "jberet-core",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap8-hibernate-search",
"defaultStatus": "affected",
"versions": [
{
"version": "0:6.2.2-1.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap8-jberet",
"defaultStatus": "affected",
"versions": [
{
"version": "0:2.1.4-1.Final_redhat_00001.1.el8eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap8-hibernate-search",
"defaultStatus": "affected",
"versions": [
{
"version": "0:6.2.2-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "eap8-jberet",
"defaultStatus": "affected",
"versions": [
{
"version": "0:2.1.4-1.Final_redhat_00001.1.el9eap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Build of Keycloak",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "jberet-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:build_keycloak:22"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Data Grid 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "jberet-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Data Grid 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "jberet-core",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "jberet-core",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-sso7_2-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-sso7_3-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-sso7_4-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "keycloak-adapter-sso7_5-eap6",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "org.keycloak-keycloak-parent",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "rh-sso7-keycloak",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "jberet-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "jberet-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "jberet-core",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Single Sign-On 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "jberet-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
]
}
]Related
osv
osv
Jberet: jberet-core logging database credentials
2024-04-25 18:30:39
redhatcve
redhatcve
CVE-2024-1102
2024-01-31 08:54:06
veracode
veracode
Sensitive Information Into Log File
2024-04-26 05:28:51
cvelist
cvelist
CVE-2024-1102 Jberet: jberet-core logging database credentials
2024-04-25 16:24:30
nvd
nvd
CVE-2024-1102
2024-04-25 17:15:47
github
github
Jberet: jberet-core logging database credentials
2024-04-25 18:30:39
redhat
redhat
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.1%
Related for CVE-2024-1102