Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05d21mLXhmM2gtcjhwcs4AA7T1
Jberet: jberet-core logging database credentials
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.
Permalink: https://github.com/advisories/GHSA-9wmf-xf3h-r8prJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05d21mLXhmM2gtcjhwcs4AA7T1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 days ago
Updated: 11 days ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-9wmf-xf3h-r8pr, CVE-2024-1102
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-1102
- https://github.com/jberet/jsr352/issues/452
- https://access.redhat.com/security/cve/CVE-2024-1102
- https://bugzilla.redhat.com/show_bug.cgi?id=2262060
- https://github.com/jberet/jsr352/commit/eeef999663d7da0e372aeeeac26ecf7201a3121d
- https://github.com/advisories/GHSA-9wmf-xf3h-r8pr
Blast Radius: 16.0
Affected Packages
maven:org.jberet:jberet-core
Dependent packages: 44Dependent repositories: 294
Downloads:
Affected Version Ranges: < 2.2.1.Final
Fixed in: 2.2.1.Final
All affected versions:
All unaffected versions: