Cleartext Storage of Sensitive Information

CVE-2023-5384

Severity Low
Score 2.7/10

Summary

A flaw was found in Infinispan. When the configuration of a cache that contains credentials (JDBC store with connection pooling, remote store) is serialized to XML/JSON/YAML, the credentials are returned in clear text as part of the configuration. This issue affects versions prior to 14.0.25.Final, and versions from 15.0.0.Dev01 prior to 15.0.0.Dev07.
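Added example (not part of the advisory or of Infinispan's code): a Python check that tests a version string against the affected ranges in the summary above and walks an exported JSON cache configuration for credential fields that are still in clear text. The key names, the masking placeholders and the sample document are assumptions constructed for illustration.

```python
import json
import re

# Key names treated as credentials: an assumption for this example, not a list from the advisory.
SECRET_KEYS = {"password", "secret", "token"}
# Values that count as already masked (assumed placeholders); an empty value also counts.
MASKED = re.compile(r"^(\*+|<redacted>)?$", re.IGNORECASE)

def _key(version):
    """Turn 'A.B.C.QualifierN' into a sortable tuple; only Dev and Final are handled."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(Dev|Final)(\d*)", version)
    if not m:
        raise ValueError(f"unsupported version string: {version}")
    a, b, c, qual, n = m.groups()
    return (int(a), int(b), int(c), 0 if qual == "Dev" else 1, int(n or 0))

def is_affected(version):
    """Advisory ranges: < 14.0.25.Final, or 15.0.0.Dev01 up to (not including) 15.0.0.Dev07."""
    k = _key(version)
    return k < _key("14.0.25.Final") or _key("15.0.0.Dev01") <= k < _key("15.0.0.Dev07")

def cleartext_secrets(node, path=""):
    """Return paths of credential-like keys whose value is a non-masked string."""
    hits = []
    if isinstance(node, dict):
        for name, value in node.items():
            here = f"{path}/{name}"
            if name.lower() in SECRET_KEYS and isinstance(value, str) and not MASKED.match(value):
                hits.append(here)
            else:
                hits.extend(cleartext_secrets(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(cleartext_secrets(item, f"{path}[{i}]"))
    return hits

# Constructed sample of a serialized cache configuration (not real server output).
SAMPLE = json.loads("""
{"distributed-cache": {"persistence": {
  "string-keyed-jdbc-store": {"connection-pool": {
     "connection-url": "jdbc:h2:mem:example", "username": "app", "password": "s3cret-example"}},
  "remote-store": {"security": {"authentication": {"username": "svc", "password": "***"}}}
}}}
""")

if __name__ == "__main__":
    print(is_affected("14.0.24.Final"), cleartext_secrets(SAMPLE))
```

Any path it reports is a credential that anyone able to read the serialized configuration can recover, so rotate that secret after upgrading to a fixed version.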

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • HIGH
  • LOW
  • NONE

CWE-312 - Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Advisory Timeline

  • Published