CVE-2023-4065

Summary

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.

Affected Software

VendorProductVersion RangeStatus
Red HatRHEL-8 based Middleware Containers7.11.1-9 < *unaffected
Red HatRHEL-8 based Middleware Containers7.11.1-12 < *unaffected

Weaknesses

  • CWE-117: Improper Output Neutralization for Logs

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References