6.5

CVE-2024-1102

Exploit

Jberet: jberet-core logging database credentials

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JberetJberet Version < 2.2.1
RedhatJboss Enterprise Application Platform Version- SwEditiontext-only
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.513
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-523 Unprotected Transport of Credentials

Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.

https://access.redhat.com/errata/RHSA-2024:1677
https://access.redhat.com/errata/RHSA-2024:3580
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3581
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3583
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-1102
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2262060
Third Party Advisory
Issue Tracking
https://github.com/jberet/jsr352/issues/452
Exploit
Issue Tracking