CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score, Confidence: Low

EPSS, Percentile: 21.8%

A flaw was found in Infinispan. When a cache configuration that contains credentials (JDBC store with connection pooling, remote store) is serialized to XML/JSON/YAML, the credentials are returned in clear text as part of the configuration.

Vendor | Product | Version | CPE |
---|---|---|---|
org.infinispan | infinispan-cachestore-jdbc | * | cpe:2.3:a:org.infinispan:infinispan-cachestore-jdbc:*:*:*:*:*:*:*:* |
org.infinispan | infinispan-cachestore-sql | * | cpe:2.3:a:org.infinispan:infinispan-cachestore-sql:*:*:*:*:*:*:*:* |
org.infinispan | infinispan-cachestore-remote | * | cpe:2.3:a:org.infinispan:infinispan-cachestore-remote:*:*:*:*:*:*:*:* |
org.infinispan | infinispan-cachestore-jdbc-common | * | cpe:2.3:a:org.infinispan:infinispan-cachestore-jdbc-common:*:*:*:*:*:*:*:* |
org.infinispan | infinispan-client-hotrod | * | cpe:2.3:a:org.infinispan:infinispan-client-hotrod:*:*:*:*:*:*:*:* |
org.infinispan | infinispan-hotrod | * | cpe:2.3:a:org.infinispan:infinispan-hotrod:*:*:*:*:*:*:*:* |
org.infinispan | infinispan-commons | * | cpe:2.3:a:org.infinispan:infinispan-commons:*:*:*:*:*:*:*:* |
org.infinispan | infinispan-core | * | cpe:2.3:a:org.infinispan:infinispan-core:*:*:*:*:*:*:*:* |
access.redhat.com/errata/RHSA-2023:7676
access.redhat.com/security/cve/CVE-2023-5384
bugzilla.redhat.com/show_bug.cgi?id=2242156
github.com/advisories/GHSA-gg57-587f-h5v6
github.com/infinispan/infinispan/commit/7140fc9b026ec55786c1aa78bb3cd8bf951fad47
github.com/infinispan/infinispan/commit/fd3e18ec3b1a4e7fcfd79392f5bf78792a2b8c61
github.com/infinispan/infinispan/pull/11555
github.com/infinispan/infinispan/pull/11995
issues.redhat.com/browse/ISPN-15202
nvd.nist.gov/vuln/detail/CVE-2023-5384
security.netapp.com/advisory/ntap-20240125-0004