Cleartext Storage of Sensitive Information
CVE-2023-5384
Summary
A flaw was found in Infinispan. When a cache configuration that contains credentials (JDBC store with connection pooling, remote store) is serialized to XML/JSON/YAML, the credentials are returned in clear text as part of the configuration. This issue affects versions prior to 14.0.25.Final and 15.0.0.Dev01 prior to 15.0.0.Dev07.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- HIGH
- LOW
- NONE
CWE-312 - Cleartext Storage of Sensitive Information
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
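The summary and the CWE-312 description above can be checked against a serialized configuration with a small audit. The following is an added example, not Infinispan's code or its patch: it walks a JSON configuration, reports credential fields that still hold a cleartext value, and produces a masked copy. The element names in the sample, the sensitive-key list and the mask string are assumptions constructed for illustration.

```python
import json

# Key names treated as credential-bearing (assumed list, not Infinispan's own).
SENSITIVE_KEYS = {"password", "secret", "token"}
MASK = "***"

def is_secret(key, value):
    """True when a sensitive key carries a non-empty, unmasked string."""
    return (key.lower() in SENSITIVE_KEYS and isinstance(value, str)
            and value not in ("", MASK))

def find_cleartext(node, path=""):
    """Return dotted paths of credential fields serialized in cleartext."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if is_secret(key, value):
                hits.append(here)
            else:
                hits.extend(find_cleartext(value, here))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_cleartext(value, f"{path}[{i}]"))
    return hits

def mask(node):
    """Return a copy of the configuration with credential values masked."""
    if isinstance(node, dict):
        return {k: (MASK if is_secret(k, v) else mask(v)) for k, v in node.items()}
    if isinstance(node, list):
        return [mask(v) for v in node]
    return node

# Constructed sample resembling a serialized cache configuration with a
# pooled JDBC store and a remote store; all names and values are invented.
SAMPLE = json.loads("""{
  "distributed-cache": {"persistence": {
    "string-keyed-jdbc-store": {"connection-pool": {
      "connection-url": "jdbc:postgresql://db.example.internal:5432/cache",
      "username": "cache_rw", "password": "constructed-db-secret"}},
    "remote-store": {"security": {"authentication": {
      "username": "remote", "password": "constructed-remote-secret"}}}
  }}
}""")

if __name__ == "__main__":
    print("cleartext credentials at:", find_cleartext(SAMPLE))
    print(json.dumps(mask(SAMPLE), indent=2))
```

Running `find_cleartext` over configuration output before and after an upgrade shows whether the serialized form still exposes stored credentials.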
References
Advisory Timeline
- Published