Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:46630
HistoryApr 26, 2024 - 5:28 a.m.

Sensitive Information Into Log File

2024-04-2605:28:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
sensitive information
log file
vulnerability
data masking
jberet-core

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0

Percentile

10.3%

JSON

jberet-core is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to missing data masking during logging via the getConnection method within JdbcRepository.java. It occurs when error messages include sensitive information, such as database connection properties containing usernames and passwords.

Related

osv 1
nvd 1
cvelist 1
github 1
cve 1
redhatcve 1
vulnrichment 1
redhat 3
nessus 2
osv
osv
Jberet: jberet-core logging database credentials
2024-04-25 18:30:39
nvd
nvd
CVE-2024-1102
2024-04-25 17:15:47
cvelist
cvelist
CVE-2024-1102 Jberet: jberet-core logging database credentials
2024-04-25 16:24:30
github
github
Jberet: jberet-core logging database credentials
2024-04-25 18:30:39
cve
cve
CVE-2024-1102
2024-04-25 17:15:47
redhatcve
redhatcve
CVE-2024-1102
2024-01-31 08:54:06
vulnrichment
vulnrichment
CVE-2024-1102 Jberet: jberet-core logging database credentials
2024-04-25 16:24:30
redhat
redhat
(RHSA-2024:3581) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
2024-06-04 10:56:31
(RHSA-2024:3583) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
2024-06-04 10:57:09
(RHSA-2024:3580) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
2024-06-04 10:56:21
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3580)
2024-06-04 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3581)
2024-06-04 00:00:00

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0

Percentile

10.3%

JSON
Related for VERACODE:46630
osv1nvd1cvelist1github1cve1redhatcve1vulnrichment1redhat3nessus2