Infinispan Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability exists in Infinispan when JGroups is used with JDBC_PING. This flaw can lead to the unintentional logging of sensitive information, such as configuration details and credentials, in plaintext. If logs are accessible to low-privileged users or attackers, this exposure could result in unauthorized access. The issue arises from misconfigurations that leave external addresses unresolved, causing connection details, including database usernames and passwords, to be logged.
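A practical first check after reading this advisory is whether credentials have already reached the logs. The following scanner is an added example, not code from the advisory, Infinispan, or JGroups: it looks for generic credential-bearing shapes in log text (a JDBC URL carrying a password query parameter, or a `password`-style key/value token) and returns each hit with the secret masked so the result can be shared for triage. The sample log lines, the key names and the log format are constructed for the example and are not a description of what JGroups actually emits.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (not real Infinispan/JGroups output).
SAMPLE_LOG = """\
2025-06-09 19:46:01 INFO  [JDBC_PING] Connecting to jdbc:postgresql://db.internal:5432/jgroups?user=jg_user&password=S3cret!
2025-06-09 19:46:01 INFO  [CLUSTER] Starting cache manager
2025-06-09 19:46:02 WARN  [JDBC_PING] Could not resolve external address; dumping config: connection_url=jdbc:mysql://db:3306/jg connection_username=admin connection_password=hunter2
2025-06-09 19:46:03 INFO  [CLUSTER] Node joined: jdbc:h2:mem:test
"""

# Assumed credential shapes, not a specific product log format:
# a JDBC URL token, and any key ending in password/passwd/pwd followed by = or :.
JDBC_URL_RE = re.compile(r"jdbc:[A-Za-z0-9]+:[^\s\"']+")
KV_SECRET_RE = re.compile(
    r"(?i)\b([A-Za-z_]*(?:password|passwd|pwd))(\s*[=:]\s*)([^\s&;,\"']+)"
)


@dataclass
class Finding:
    line_no: int
    reason: str
    redacted: str  # the offending line with password values masked


def redact(line: str) -> str:
    """Mask password values but keep the key and separator so the line stays readable."""
    return KV_SECRET_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}***", line)


def scan_log(text: str) -> list[Finding]:
    """Return one Finding per log line that carries a plaintext password."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if KV_SECRET_RE.search(line) is None:
            continue
        url = JDBC_URL_RE.search(line)
        if url and KV_SECRET_RE.search(url.group(0)):
            reason = "JDBC URL with embedded password"
        else:
            reason = "password key/value logged in plaintext"
        findings.append(Finding(line_no, reason, redact(line)))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}\n    {f.redacted}")
```

A key that merely contains the word, such as `password_policy=strict`, is not flagged, because the pattern requires the separator to follow the key directly. Running the scanner against the sample reports lines 1 and 3; the lines with credential-free JDBC URLs are ignored.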

Impact

Exploitation of this vulnerability can lead to the exposure of sensitive credentials, such as database usernames and passwords, allowing for unauthorized access if the logged information is accessible to low-privileged users or attackers.

Remediation

This vulnerability has been addressed in Red Hat Data Grid 8.5.3. Users can apply the update by following the instructions available in the Red Hat Product Errata RHSA-2025:2663.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.