Lucene search

K
githubGitHub Advisory DatabaseGHSA-RP7R-79RM-2758
HistoryMay 01, 2022 - 2:31 a.m.

Apache Derby exposes user and password attributes

2022-05-0102:31:27
CWE-200
GitHub Advisory Database
github.com
8

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

21.9%

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

Affected configurations

Vulners
Node
org.apache.derby\Matchderby
CPENameOperatorVersion
org.apache.derby:derbyle10.1.1.0

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

21.9%

Related for GHSA-RP7R-79RM-2758