GHSA-h259-3rjg-5qp3

Suggest an improvement
Source
https://github.com/advisories/GHSA-h259-3rjg-5qp3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h259-3rjg-5qp3/GHSA-h259-3rjg-5qp3.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-h259-3rjg-5qp3
Aliases
  • CVE-2014-0085
Published
2022-05-14T02:19:43Z
Modified
2023-11-01T04:45:24.924989Z
Summary
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
Details

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Database specific
{
    "nvd_published_at": "2014-04-17T14:55:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T23:05:10Z"
}
References

Affected packages

Maven / org.jboss.fuse:jboss-fuse

Package

Name
org.jboss.fuse:jboss-fuse
View open source insights on deps.dev
Purl
pkg:maven/org.jboss.fuse/jboss-fuse

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.0