CVE-2024-1102: Jberet: jberet-core logging database credentials

Description

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.

Classification

CVE ID: CVE-2024-1102

Problem Types

Unprotected Transport of Credentials

Affected Products

Vendor: , Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat, Red Hat

Product: , Red Hat JBoss Enterprise Application Platform 8, Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8, Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8, Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9, Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9, Red Hat Build of Keycloak, Red Hat Data Grid 8, Red Hat Fuse 7, Red Hat JBoss Data Grid 7, Red Hat JBoss Enterprise Application Platform 6, Red Hat JBoss Enterprise Application Platform 6, Red Hat JBoss Enterprise Application Platform 6, Red Hat JBoss Enterprise Application Platform 6, Red Hat JBoss Enterprise Application Platform 6, Red Hat JBoss Enterprise Application Platform 6, Red Hat JBoss Enterprise Application Platform 6, Red Hat JBoss Enterprise Application Platform 6, Red Hat JBoss Enterprise Application Platform 7, Red Hat JBoss Enterprise Application Platform Expansion Pack 5, Red Hat Single Sign-On 7

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 0.12915 (how common is this exploit)

EPSS Date: 2025-03-15 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

Timeline

2025-02-26 04:40:17 UTC
CVE

Jberet: jberet-core logging database credentials