CVE-2023-4066

Summary

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.

Affected Software

VendorProductVersion RangeStatus
Red HatRHEL-8 based Middleware Containers7.11.1-9 < *unaffected
Red HatRHEL-8 based Middleware Containers7.11.1-12 < *unaffected

Weaknesses

  • CWE-313: Cleartext Storage in a File or on Disk

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References