Vulnerability Details CVE-2023-5384
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.7%
CVSS Severity
CVSS v3 Score 7.2
References
- https://access.redhat.com/errata/RHSA-2023:7676
- https://access.redhat.com/security/cve/CVE-2023-5384
- https://bugzilla.redhat.com/show_bug.cgi?id=2242156
- https://access.redhat.com/errata/RHSA-2023:7676
- https://access.redhat.com/security/cve/CVE-2023-5384
- https://bugzilla.redhat.com/show_bug.cgi?id=2242156
- https://security.netapp.com/advisory/ntap-20240125-0004/
Products affected by CVE-2023-5384
-
cpe:2.3:a:infinispan:infinispan:-
-
cpe:2.3:a:redhat:data_grid:6.0.0
-
cpe:2.3:a:redhat:data_grid:7.3.4
-
cpe:2.3:a:redhat:data_grid:8.0
-
cpe:2.3:a:redhat:data_grid:8.0.0
-
cpe:2.3:a:redhat:data_grid:8.0.1
-
cpe:2.3:a:redhat:data_grid:8.1.0
-
cpe:2.3:a:redhat:data_grid:8.1.1
-
cpe:2.3:a:redhat:data_grid:8.4.4
-
cpe:2.3:a:redhat:jboss_data_grid:-