A vulnerability was found in jberet-core logging. An exception in dbProperties might display user credentials such as the username and password for the database-connection.
Weakness
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jberet | Jberet | * | 2.2.1 (excluding) |
| Red Hat JBoss Enterprise Application Platform | RedHat | org.jberet/jberet-core:1.3.9.SP3-redhat-00001 | * |
| Red Hat JBoss Enterprise Application Platform 8 | RedHat | jberet-core | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | RedHat | eap8-hibernate-search-0:6.2.2-1.Final_redhat_00001.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | RedHat | eap8-jberet-0:2.1.4-1.Final_redhat_00001.1.el8eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | RedHat | eap8-hibernate-search-0:6.2.2-1.Final_redhat_00001.1.el9eap | * |
| Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | RedHat | eap8-jberet-0:2.1.4-1.Final_redhat_00001.1.el9eap | * |
Potential Mitigations
Related Attack Patterns
References
- https://access.redhat.com/errata/RHSA-2024:1677
- https://access.redhat.com/errata/RHSA-2024:3580
- https://access.redhat.com/errata/RHSA-2024:3581
- https://access.redhat.com/errata/RHSA-2024:3583
- https://access.redhat.com/security/cve/CVE-2024-1102
- https://bugzilla.redhat.com/show_bug.cgi?id=2262060
- https://github.com/jberet/jsr352/issues/452
- https://access.redhat.com/errata/RHSA-2024:3580
- https://access.redhat.com/errata/RHSA-2024:3581
- https://access.redhat.com/errata/RHSA-2024:3583
- https://access.redhat.com/security/cve/CVE-2024-1102
- https://bugzilla.redhat.com/show_bug.cgi?id=2262060
- https://github.com/jberet/jsr352/issues/452