GHSA-cqm8-rg2p-jfcf

Source

https://github.com/advisories/GHSA-cqm8-rg2p-jfcf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-cqm8-rg2p-jfcf/GHSA-cqm8-rg2p-jfcf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cqm8-rg2p-jfcf

Aliases

CVE-2025-5731

Related

CGA-v7vx-fhpg-93r7

Published

2025-06-27T00:31:14Z

Modified

2026-03-27T11:26:31.838163Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information

Details

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

Database specific

{
    "github_reviewed": true,
    "severity": "MODERATE",
    "github_reviewed_at": "2025-06-27T22:04:43Z",
    "nvd_published_at": "2025-06-26T22:15:24Z",
    "cwe_ids": [
        "CWE-209"
    ]
}

References

Affected packages

Maven / org.infinispan:infinispan-cli-client

Package

Name: org.infinispan:infinispan-cli-client; View open source insights on deps.dev
Purl: pkg:maven/org.infinispan/infinispan-cli-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

16.0.0.Dev01

Affected versions

5.*

5.2.0.ALPHA1

5.2.0.ALPHA2

5.2.0.Alpha3

5.2.0.Alpha4

5.2.0.Beta1

5.2.0.Beta2

5.2.0.Beta3

5.2.0.Beta4

5.2.0.Beta5

5.2.0.Beta6

5.2.0.CR1

5.2.0.CR2

5.2.0.CR3

5.2.0.Final

5.2.1.Final

5.2.2.Final

5.2.3.Final

5.2.4.Final

5.2.5.Final

5.2.6.Final

5.2.7.Final

5.2.8.CR1

5.2.8.Final

5.2.9.Final

5.2.10.Final

5.2.11.CR1

5.2.11.Final

5.2.12.Final

5.2.13.Final

5.2.14.Final

5.2.15.Final

5.2.18.Final

5.2.19.Final

5.2.20.Final

5.3.0.Alpha1

5.3.0.Beta1

5.3.0.Beta2

5.3.0.CR1

5.3.0.CR2

5.3.0.Final

6.*

6.0.0.Alpha1

6.0.0.Alpha2

6.0.0.Alpha3

6.0.0.Alpha4

6.0.0.Beta1

6.0.0.Beta2

6.0.0.CR1

6.0.0.Final

6.0.1.Final

6.0.2.Final

7.*

7.0.0.Alpha1

7.0.0.Alpha2

7.0.0.Alpha3

7.0.0.Alpha4

7.0.0.Alpha5

7.0.0.Beta1

7.0.0.Beta2

7.0.0.CR1

7.0.0.CR2

7.0.0.Final

7.0.1.Final

7.0.2.Final

7.0.3.Final

7.1.0.Alpha1

7.1.0.Beta1

7.1.0.CR1

7.1.0.CR2

7.1.0.Final

7.1.1.Final

7.2.0.Alpha1

7.2.0.Beta1

7.2.0.Beta2

7.2.0.CR1

7.2.0.Final

7.2.1.Final

7.2.2.Final

7.2.3.Final

7.2.4.Final

7.2.5.Final

8.*

8.0.0.Alpha1

8.0.0.Alpha2

8.0.0.Beta1

8.0.0.Beta2

8.0.0.Beta3

8.0.0.CR1

8.0.0.Final

8.0.1.Final

8.0.2.Final

8.1.0.Alpha1

8.1.0.Alpha2

8.1.0.Beta1

8.1.0.CR1

8.1.0.Final

8.1.1.Final

8.1.2.Final

8.1.3.Final

8.1.4.Final

8.1.5.Final

8.1.6.Final

8.1.7.Final

8.1.8.Final

8.1.9.Final

8.2.0.Beta1

8.2.0.Beta2

8.2.0.CR1

8.2.0.Final

8.2.1.Final

8.2.2.Final

8.2.3.Final

8.2.4.Final

8.2.5.Final

8.2.6.Final

8.2.7.Final

8.2.8.Final

8.2.10.Final

8.2.11.Final

8.2.12.Final

9.*

9.0.0.Alpha1

9.0.0.Alpha2

9.0.0.Alpha3

9.0.0.Alpha4

9.0.0.Beta1

9.0.0.Beta2

9.0.0.CR1

9.0.0.CR2

9.0.0.CR3

9.0.0.CR4

9.0.0.Final

9.0.1.Final

9.0.2.Final

9.0.3.Final

9.1.0.Alpha1

9.1.0.Beta1

9.1.0.CR1

9.1.0.Final

9.1.1.Final

9.1.2.Final

9.1.3.Final

9.1.4.Final

9.1.5.Final

9.1.6.Final

9.1.7.Final

9.2.0.Alpha1

9.2.0.Alpha2

9.2.0.Beta1

9.2.0.Beta2

9.2.0.CR1

9.2.0.CR2

9.2.0.CR3

9.2.0.Final

9.2.1.Final

9.2.2.Final

9.2.3.Final

9.2.4.Final

9.2.5.Final

9.3.0.Alpha1

9.3.0.Beta1

9.3.0.CR1

9.3.0.Final

9.3.1.Final

9.3.2.Final

9.3.3.Final

9.3.4.Final

9.3.5.Final

9.3.6.Final

9.3.8.Final

9.3.9.Final

9.4.0.Alpha1

9.4.0.Beta1

9.4.0.CR1

9.4.0.CR2

9.4.0.CR3

9.4.0.Final

9.4.1.Final

9.4.2.Final

9.4.3.Final

9.4.4.Final

9.4.5.Final

9.4.6.Final

9.4.7.Final

9.4.8.Final

9.4.9.Final

9.4.10.Final

9.4.11.Final

9.4.12.Final

9.4.13.Final

9.4.14.Final

9.4.15.Final

9.4.16.Final

9.4.17.Final

9.4.18.Final

9.4.19.Final

9.4.20.Final

9.4.21.Final

9.4.22.Final

9.4.23.Final

9.4.24.Final

10.*

10.0.0.Alpha1

10.0.0.Alpha2

10.0.0.Alpha3

10.0.0.Beta1

10.0.0.Beta2

10.0.0.Beta3

10.0.0.Beta4

10.0.0.Beta5

10.0.0.CR1

10.0.0.CR2

10.0.0.CR3

10.0.0.Final

10.0.1.Final

10.1.0.Beta1

10.1.0.CR1

10.1.0.Final

10.1.1.Final

10.1.2.Final

10.1.3.Final

10.1.4.Final

10.1.5.Final

10.1.6.Final

10.1.7.Final

10.1.8.Final

10.1.9.Final

11.*

11.0.0.Alpha

11.0.0.Alpha1

11.0.0.Alpha2

11.0.0.CR1

11.0.0.Final

11.0.0.Dev03

11.0.0.Dev04

11.0.0.Dev05

11.0.1.Final

11.0.2.Final

11.0.3.Final

11.0.4.Final

11.0.5.Final

11.0.6.Final

11.0.7.Final

11.0.8.Final

11.0.9.Final

11.0.10.Final

11.0.11.Final

11.0.13.Final

11.0.14.Final

11.0.15.Final

11.0.16.Final

11.0.17.Final

11.0.18.Final

11.0.19.Final

12.*

12.0.0.CR1

12.0.0.Final

12.0.0.Dev01

12.0.0.Dev02

12.0.0.Dev03

12.0.0.Dev3

12.0.0.Dev04

12.0.0.Dev05

12.0.0.Dev06

12.0.0.Dev07

12.0.1.Final

12.0.2.Final

12.1.0.CR1

12.1.0.CR2

12.1.0.Final

12.1.0.Dev01

12.1.1.Final

12.1.2.Final

12.1.3.Final

12.1.4.Final

12.1.5.Final

12.1.6.Final

12.1.7.Final

12.1.8.Final

12.1.9.Final

12.1.10.Final

12.1.11.Final

12.1.12.Final

12.1.13.Final

12.1.14.Final

12.1.15.Final

12.1.16.Final

13.*

13.0.0.CR1

13.0.0.CR2

13.0.0.Final

13.0.0.Dev01

13.0.0.Dev02

13.0.0.Dev03

13.0.0.Dev04

13.0.1.Final

13.0.2.Final

13.0.3.Final

13.0.4.Final

13.0.5.Final

13.0.6.Final

13.0.7.Final

13.0.8.Final

13.0.9.Final

13.0.10.Final

13.0.11.Final

13.0.12.Final

13.0.13.Final

13.0.14.Final

13.0.15.Final

13.0.16.Final

13.0.17.Final

13.0.18.Final

13.0.19.Final

13.0.20.Final

13.0.21.Final

13.0.22.Final

14.*

14.0.0.CR1

14.0.0.CR2

14.0.0.Final

14.0.0.Dev01

14.0.0.Dev02

14.0.0.Dev03

14.0.0.Dev04

14.0.1.Final

14.0.2.Final

14.0.3.Final

14.0.4.Final

14.0.5.Final

14.0.6.Final

14.0.7.Final

14.0.8.Final

14.0.9.Final

14.0.10.Final

14.0.11.Final

14.0.12.Final

14.0.13.Final

14.0.14.Final

14.0.15.Final

14.0.16.Final

14.0.17.Final

14.0.18.Final

14.0.19.Final

14.0.20.Final

14.0.21.Final

14.0.22.Final

14.0.23.Final

14.0.24.Final

14.0.25.Final

14.0.26.Final

14.0.27.Final

14.0.28.Final

14.0.29.Final

14.0.30.Final

14.0.31.Final

14.0.32.Final

14.0.33.Final

14.0.34.Final

14.0.35.Final

15.*

15.0.0.CR1

15.0.0.Final

15.0.0.Dev01

15.0.0.Dev02

15.0.0.Dev03

15.0.0.Dev04

15.0.0.Dev05

15.0.0.Dev06

15.0.0.Dev07

15.0.0.Dev08

15.0.0.Dev09

15.0.0.Dev10

15.0.1.Final

15.0.2.Final

15.0.3.Final

15.0.4.Final

15.0.5.Final

15.0.6.Final

15.0.7.Final

15.0.8.Final

15.0.9.Final

15.0.10.Final

15.0.11.Final

15.0.12.Final

15.0.13.Final

15.0.14.Final

15.0.15.Final

15.0.16.Final

15.0.17.Final

15.0.18.Final

15.0.19.Final

15.0.20.Final

15.0.21.Final

15.0.22.Final

15.1.0.Final

15.1.0.Dev01

15.1.0.Dev02

15.1.0.Dev03

15.1.0.Dev04

15.1.0.Dev05

15.1.1.Final

15.1.2.Final

15.1.3.Final

15.1.4.Final

15.1.5.Final

15.1.6.Final

15.1.7.Final

15.2.0.Final

15.2.0.Dev01

15.2.0.Dev02

15.2.0.Dev03

15.2.1.Final

15.2.2.Final

15.2.3.Final

15.2.4.Final

15.2.5.Final

15.2.6.Final

16.*

16.0.0

16.0.0.Dev01

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-cqm8-rg2p-jfcf/GHSA-cqm8-rg2p-jfcf.json"