CVE-2022-45868

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-45868
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45868.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45868
Aliases
Related
Withdrawn
2024-04-03T03:02:38Z
Published
2022-11-23T21:15:11Z
Modified
2025-01-14T11:15:45.889110Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.

References

Affected packages

Debian:11 / h2database

Package

Name
h2database
Purl
pkg:deb/debian/h2database?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.197-4
1.4.197-4+deb11u1

2.*

2.1.210-1
2.1.210+really1.4.197-1
2.1.212-1
2.1.214-1
2.2.220-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:12 / h2database

Package

Name
h2database
Purl
pkg:deb/debian/h2database?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.214-1
2.2.220-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:13 / h2database

Package

Name
h2database
Purl
pkg:deb/debian/h2database?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.214-1
2.2.220-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Git / github.com/h2database/h2database

Affected ranges

Type
GIT
Repo
https://github.com/h2database/h2database
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1ba3590b5d29581a14b018b966e5da0a8ff2994c

Affected versions

version-1.*

version-1.4.188
version-1.4.190
version-1.4.191
version-1.4.192
version-1.4.193
version-1.4.194
version-1.4.195
version-1.4.196
version-1.4.197
version-1.4.198
version-1.4.199
version-1.4.200

version-2.*

version-2.0.202
version-2.0.204
version-2.1.210
version-2.1.212
version-2.1.214