A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.infinispan:infinispan-core(Maven) | 15.0.0.Dev01 | 15.0.0.Dev07 | N/A |
| org.infinispan:infinispan-core(Maven) | 0 | 14.0.25.Final | N/A |
| org.infinispan:infinispan-commons(Maven) | 15.0.0.Dev01 | 15.0.0.Dev07 | N/A |
| org.infinispan:infinispan-commons(Maven) | 0 | 14.0.25.Final | N/A |
| org.infinispan:infinispan-hotrod(Maven) | 15.0.0.Dev01 | 15.0.0.Dev07 | N/A |
| org.infinispan:infinispan-hotrod(Maven) | 0 | 14.0.25.Final | N/A |
| org.infinispan:infinispan-client-hotrod(Maven) | 15.0.0.Dev01 | 15.0.0.Dev07 | N/A |
| org.infinispan:infinispan-client-hotrod(Maven) | 0 | 14.0.25.Final | N/A |
| org.infinispan:infinispan-cachestore-jdbc-common(Maven) | 15.0.0.Dev01 | 15.0.0.Dev07 | N/A |
| org.infinispan:infinispan-cachestore-jdbc-common(Maven) | 0 | 14.0.25.Final | N/A |
| org.infinispan:infinispan-cachestore-remote(Maven) | 15.0.0.Dev01 | 15.0.0.Dev07 | N/A |
| org.infinispan:infinispan-cachestore-remote(Maven) | 0 | 14.0.25.Final | N/A |
| org.infinispan:infinispan-cachestore-sql(Maven) | 15.0.0.Dev01 | 15.0.0.Dev07 | N/A |
| org.infinispan:infinispan-cachestore-sql(Maven) | 0 | 14.0.25.Final | N/A |
| org.infinispan:infinispan-cachestore-jdbc(Maven) | 15.0.0.Dev01 | 15.0.0.Dev07 | N/A |
| org.infinispan:infinispan-cachestore-jdbc(Maven) | 0 | 14.0.25.Final | N/A |
CVSS Metrics
