CVE-2024-1102 — Unprotected Transport of Credentials in Jberet

CWE-523 — Unprotected Transport of Credentials CWE-200 — Sensitive Information Exposure CWE-532 — Log File Information Exposure5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 73.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jberet Redhat Jboss Enterprise Application Platform

Timeline

PublishedApr 25

Description

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDjberet/jberet< 2.2.1

▶NVDredhat/jboss_enterprise_application_platform8.0

🔴Vulnerability Details

OSV

Jberet: jberet-core logging database credentials↗2024-04-25

▶

CVEList

Jberet: jberet-core logging database credentials↗2024-04-25

▶

GHSA

Jberet: jberet-core logging database credentials↗2024-04-25

▶

📋Vendor Advisories

Red Hat

jberet: jberet-core logging database credentials↗2024-01-29

▶