{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-1102","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2024-01-31T07:59:38.413Z","datePublished":"2024-04-25T16:24:30.245Z","dateUpdated":"2025-11-11T15:53:53.730Z"},"containers":{"cna":{"title":"Jberet: jberet-core logging database credentials","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection."}],"affected":[{"versions":[{"status":"affected","version":"0","lessThan":"2.2.1","versionType":"semver"}],"packageName":"jberet","collectionURL":"https://github.com/jberet/jsr352","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"org.jberet/jberet-core","defaultStatus":"affected","versions":[{"version":"1.3.9.SP3-redhat-00001","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","defaultStatus":"unaffected","packageName":"jberet-core","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate-search","defaultStatus":"affected","versions":[{"version":"0:6.2.2-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jberet","defaultStatus":"affected","versions":[{"version":"0:2.1.4-1.Final_redhat_00001.1.el8eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-hibernate-search","defaultStatus":"affected","versions":[{"version":"0:6.2.2-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"eap8-jberet","defaultStatus":"affected","versions":[{"version":"0:2.1.4-1.Final_redhat_00001.1.el9eap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"]},{"vendor":"Red Hat","product":"Red Hat Build of Keycloak","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jberet-core","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:build_keycloak:"]},{"vendor":"Red Hat","product":"Red Hat Data Grid 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jberet-core","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_data_grid:8"]},{"vendor":"Red Hat","product":"Red Hat Fuse 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jberet-core","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_fuse:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Data Grid 7","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"jberet-core","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_data_grid:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"jberet-core","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-adapter-eap6","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-adapter-sso7_2-eap6","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-adapter-sso7_3-eap6","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-adapter-sso7_4-eap6","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"keycloak-adapter-sso7_5-eap6","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"org.keycloak-keycloak-parent","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 6","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"rh-sso7-keycloak","defaultStatus":"unknown","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:6"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"jberet-core","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"jberet-core","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Single Sign-On 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"jberet-core","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:1677","name":"RHSA-2024:1677","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2024:3580","name":"RHSA-2024:3580","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2024:3581","name":"RHSA-2024:3581","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2024:3583","name":"RHSA-2024:3583","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2024-1102","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262060","name":"RHBZ#2262060","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://github.com/jberet/jsr352/issues/452"}],"datePublic":"2024-01-29T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-523","description":"Unprotected Transport of Credentials","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-523: Unprotected Transport of Credentials","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"timeline":[{"lang":"en","time":"2024-01-31T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-01-29T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2025-11-11T15:53:53.730Z"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-1102","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-04-25T17:44:29.138829Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-200","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T18:00:15.959Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:26:30.505Z"},"title":"CVE Program Container","references":[{"url":"https://access.redhat.com/errata/RHSA-2024:3580","name":"RHSA-2024:3580","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2024:3581","name":"RHSA-2024:3581","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/errata/RHSA-2024:3583","name":"RHSA-2024:3583","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/security/cve/CVE-2024-1102","tags":["vdb-entry","x_refsource_REDHAT","x_transferred"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262060","name":"RHBZ#2262060","tags":["issue-tracking","x_refsource_REDHAT","x_transferred"]},{"url":"https://github.com/jberet/jsr352/issues/452","tags":["x_transferred"]}]}]}}