Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2023/12/28 6:30 p.m.8 views

org.infinispan:infinispan-distribution (>=15.0.0.Dev01 <=15.0.0.Dev10), org.infinispan:infinispan-javadoc-all (>=15.0.0.Dev01 <=15.0.0.Dev10) +7 more potentially affected by CVE-2023-5384 via org.infinispan:infinispan-cachestore-sql (>=15.0.0.Dev01 <=15.0.0.Dev06)

org.infinispan:infinispan-cachestore-sql MAVEN version =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev06, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev10 Source cves: CVE-2023-5384 Source advisory: OSV:GHSA-GG57-587F-H5V6...

7.2CVSS6.2AI score0.00543EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/12/28 6:30 p.m.4 views

org.infinispan:infinispan-cachestore-jdbc (>=15.0.0.Dev01 <=15.0.0.Dev10), org.infinispan:infinispan-cachestore-sql (>=15.0.0.Dev01 <=15.0.0.Dev10) +10 more potentially affected by CVE-2023-5384 via org.infinispan:infinispan-cachestore-jdbc-common (>=15.0.0.Dev01 <=15.0.0.Dev06)

org.infinispan:infinispan-cachestore-jdbc-common MAVEN version =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev06, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev10 Source cves: CVE-2023-538...

7.2CVSS6.2AI score0.00543EPSS
Exploits0
NVD
NVD
added 2023/12/18 2:15 p.m.42 views

CVE-2023-5384

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials JDBC store with connection pooling, remote store, the credentials are returned in clear text as part of the configuration...

7.2CVSS0.00543EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/18 1:43 p.m.45 views

CVE-2023-5384 Infinispan: credentials returned from configuration as clear text

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials JDBC store with connection pooling, remote store, the credentials are returned in clear text as part of the configuration...

7.2CVSS7.1AI score0.00543EPSS
Exploits0References3
CVE
CVE
added 2023/12/18 1:43 p.m.118 views

CVE-2023-5384

CVE-2023-5384 affects Infinispan: when serializing a cache configuration to XML/JSON/YAML that contains credentials (e.g., JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. This exposes sensitive data if the configuration i...

7.2CVSS5.2AI score0.00543EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder