GHSA-rp7r-79rm-2758
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rp7r-79rm-2758
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rp7r-79rm-2758/GHSA-rp7r-79rm-2758.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rp7r-79rm-2758
- Aliases
-
- CVE-2005-4849
- Published
- 2022-05-01T02:31:27Z
- Modified
- 2024-11-30T05:24:31.837911Z
- Summary
- Apache Derby exposes user and password attributes
- Details
-
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
- Database specific
{ "nvd_published_at": "2005-12-31T05:00:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-05-25T20:21:39Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2005-4849
- https://github.com/apache/derby/commit/09a7325f75a4f96a7735e46c9723930f88ea2613
- https://github.com/apache/derby/commit/82d721fd53e30dbb86d6d742c085030985091968
- https://github.com/apache/derby/commit/fd24a7590ff5426bac68303fbeca07dbc5067412
- https://github.com/apache/derby
- http://db.apache.org/derby/releases/release-10.1.2.1.html
- http://issues.apache.org/jira/browse/DERBY-530
- http://issues.apache.org/jira/browse/DERBY-559
- http://svn.apache.org/viewvc?view=revision&revision=289672
Affected packages
Maven / org.apache.derby:derby
Package
- Name
- org.apache.derby:derby
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.derby/derby