GoogleOSV:GHSA-9WMF-XF3H-R8PRJberet: jberet-core logging database credentials
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.4%
A vulnerability was found in jberet-core logging. An exception in ‘dbProperties’ might display user credentials such as the username and password for the database-connection.
References
access.redhat.com/errata/RHSA-2024:3580
access.redhat.com/errata/RHSA-2024:3581
access.redhat.com/errata/RHSA-2024:3583
access.redhat.com/security/cve/CVE-2024-1102
bugzilla.redhat.com/show_bug.cgi?id=2262060
github.com/jberet/jsr352
github.com/jberet/jsr352/commit/eeef999663d7da0e372aeeeac26ecf7201a3121d
github.com/jberet/jsr352/issues/452
nvd.nist.gov/vuln/detail/CVE-2024-1102
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.4%