Lucene search

GitHub Advisory DatabaseGHSA-9WMF-XF3H-R8PR

HistoryApr 25, 2024 - 6:30 p.m.

Jberet: jberet-core logging database credentials

2024-04-2518:30:39

CWE-200

CWE-532

GitHub Advisory Database

github.com

jberet

vulnerability

logging

database

credentials

software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

10.3%

JSON

A vulnerability was found in jberet-core logging. An exception in ‘dbProperties’ might display user credentials such as the username and password for the database-connection.

Affected configurations

Vulners

Node

org.jberetjberet-coreRange<2.2.1.Final

VendorProductVersionCPE
org.jberetjberet-core*cpe:2.3:a:org.jberet:jberet-core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.jberet	jberet-core	*	cpe:2.3:a:org.jberet:jberet-core::::::::

References

access.redhat.com/errata/RHSA-2024:3580

access.redhat.com/errata/RHSA-2024:3581

access.redhat.com/errata/RHSA-2024:3583

access.redhat.com/security/cve/CVE-2024-1102

bugzilla.redhat.com/show_bug.cgi?id=2262060

github.com/advisories/GHSA-9wmf-xf3h-r8pr

github.com/jberet/jsr352/commit/eeef999663d7da0e372aeeeac26ecf7201a3121d

github.com/jberet/jsr352/issues/452

nvd.nist.gov/vuln/detail/CVE-2024-1102

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

Percentile

10.3%

JSON

Related for GHSA-9WMF-XF3H-R8PR