Infinispan: credentials returned from configuration as clear text
CVE-2023-5384

2.7LOW

Key Information:

Vendor: Red Hat
Status: infinispan; Red Hat Data Grid 8.4.6
Vendor: CVE Published:; 18 December 2023

What is CVE-2023-5384?

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.

References

https://access.redhat.com/errata/RHSA-2023:7676

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-5384

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2242156

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Oct 4, 2023

Red Hat

What is CVE-2023-5384?

References

CVSS V3.1

Timeline