Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oMjU5LTNyamctNXFwM84AAVUs
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
Permalink: https://github.com/advisories/GHSA-h259-3rjg-5qp3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMjU5LTNyamctNXFwM84AAVUs
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-h259-3rjg-5qp3, CVE-2014-0085
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-0085
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085
- https://github.com/advisories/GHSA-h259-3rjg-5qp3
Affected Packages
maven:org.jboss.fuse:jboss-fuse
Affected Version Ranges: < 6.1.0Fixed in: 6.1.0