ghsa-h259-3rjg-5qp3
Vulnerability from github
Published
2022-05-14 02:19
Modified
2022-07-07 23:05
Summary
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
Details
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.fuse:jboss-fuse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-0085"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-07T23:05:10Z",
"nvd_published_at": "2014-04-17T14:55:00Z",
"severity": "LOW"
},
"details": "JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.",
"id": "GHSA-h259-3rjg-5qp3",
"modified": "2022-07-07T23:05:10Z",
"published": "2022-05-14T02:19:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0085"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse"
}
Loading...