GitHub Advisory DatabaseGHSA-CC62-496P-HRR7Exposure of Sensitive Information to an Unauthorized Actor in JGroup
5.4 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
0.09 Low
EPSS
Percentile
94.6%
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jgroups:jgroups | le | 3.3.2.Final | |
| org.jgroups:jgroups | le | 3.2.8.Final |
References
rhn.redhat.com/errata/RHSA-2013-1207.html
rhn.redhat.com/errata/RHSA-2013-1208.html
rhn.redhat.com/errata/RHSA-2013-1209.html
rhn.redhat.com/errata/RHSA-2013-1437.html
rhn.redhat.com/errata/RHSA-2013-1771.html
rhn.redhat.com/errata/RHSA-2014-0029.html
bugzilla.redhat.com/show_bug.cgi?id=983489
github.com/advisories/GHSA-cc62-496p-hrr7
nvd.nist.gov/vuln/detail/CVE-2013-4112
Related
5.4 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
0.09 Low
EPSS
Percentile
94.6%