Infinispan caches credentials in clear text
Moderate severity
GitHub Reviewed
Published
Dec 28, 2023
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Package
Affected versions
>= 15.0.0.Dev01, < 15.0.0.Dev07
< 14.0.25.Final
Patched versions
15.0.0.Dev07
14.0.25.Final
>= 15.0.0.Dev01, < 15.0.0.Dev07
< 14.0.25.Final
15.0.0.Dev07
14.0.25.Final
>= 15.0.0.Dev01, < 15.0.0.Dev07
< 14.0.25.Final
15.0.0.Dev07
14.0.25.Final
>= 15.0.0.Dev01, < 15.0.0.Dev07
< 14.0.25.Final
15.0.0.Dev07
14.0.25.Final
>= 15.0.0.Dev01, < 15.0.0.Dev07
< 14.0.25.Final
15.0.0.Dev07
14.0.25.Final
>= 15.0.0.Dev01, < 15.0.0.Dev07
< 14.0.25.Final
15.0.0.Dev07
14.0.25.Final
>= 15.0.0.Dev01, < 15.0.0.Dev07
< 14.0.25.Final
15.0.0.Dev07
14.0.25.Final
>= 15.0.0.Dev01, < 15.0.0.Dev07
< 14.0.25.Final
15.0.0.Dev07
14.0.25.Final
Description
Published by the National Vulnerability Database
Dec 18, 2023
Published to the GitHub Advisory Database
Dec 28, 2023
Reviewed
Sep 16, 2024
Last updated
Nov 18, 2024
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
References