EUVD-2025-19671
GHSA-cqm8-rg2p-jfcf
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4Tags
Description
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Analysis
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Technical Context
Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Error Message Information Leak (CWE-209).
Affected Products
Affected products: Redhat Data Grid 8.5.4, Redhat Jboss Enterprise Application Platform 7.0.0, Redhat Jboss Enterprise Application Platform Expansion Pack -, Infinispan Infinispan -
Remediation
Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today