GHSA-pjw3-c74j-m9fj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pjw3-c74j-m9fj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pjw3-c74j-m9fj/GHSA-pjw3-c74j-m9fj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pjw3-c74j-m9fj
- Aliases
- Published
- 2022-05-24T16:45:43Z
- Modified
- 2023-11-08T03:58:34.260489Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Password in config file in KIE server
- Details
-
It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services.
- Database specific
{ "nvd_published_at": "2019-05-15T16:29:00Z", "github_reviewed_at": "2023-02-14T00:57:31Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-260" ] }- References
Affected packages
Maven / org.kie.server:kie-server-common
Package
- Name
- org.kie.server:kie-server-common
- View open source insights on deps.dev
- Purl
- pkg:maven/org.kie.server/kie-server-common
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.21.0.Final
Affected versions
7.*
7.0.0.Beta3
7.0.0.Beta4
7.0.0.Beta5
7.0.0.Beta6
7.0.0.Beta7
7.0.0.Beta8
7.0.0.CR1
7.0.0.CR2
7.0.0.CR3
7.0.0.Final
7.1.0.Beta1
7.1.0.Beta2
7.1.0.Beta3
7.1.0.Final
7.2.0.Final
7.3.0.Final
7.4.0.Final
7.4.1.Final
7.5.0.Final
7.6.0.Final
7.6.0.t022
7.7.0.Final
7.8.0.Final
7.9.0.Final
7.10.0.Final
7.11.0.Final
7.12.0.Final
7.13.0.Final
7.14.0.Final
7.15.0.Final
7.16.0.Final
7.17.0.Final
7.18.0.Final
7.19.0.Final
7.20.0.Final