Infinispan CLI Credential Leakage Vulnerability

Vulnerability

A vulnerability exists in Infinispan CLI where a sensitive password, decoded from a Base64-encoded Kubernetes secret, is handled in plaintext. This password is incorporated into a command string, which could inadvertently reveal the information in an error message if a command is not recognized.

Impact

Exposing sensitive credentials in error messages, which could lead to unauthorized access or actions.

Added: Jun 26, 2025, 10:50 PM

Updated: Jun 26, 2025, 10:50 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Infinispan CLI Credential Leakage Vulnerability

Vulnerability

Impact

Affected Products

Red Hat Infinispan CLI

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating