Insecure Credential Exposure in Infinispan Configuration Serialization

CVE-2023-5384 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

A flaw was found in Infinispan. When a cache configuration that contains credentials (JDBC store with connection pooling, remote store) is serialized to XML, JSON, or YAML, the credentials are returned in clear text as part of the configuration.
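A defender-side check for the condition described above, as an added example that is not from the advisory or the Infinispan project: it walks a serialized cache configuration in JSON form, reports every credential field that still carries a clear-text value, and produces a masked copy. The sample document, its key layout, the set of secret key names, and the mask string are constructed assumptions.

```python
import json

# Key names treated as secrets. "password" matches the constructed sample below;
# the other names are assumptions added for illustration.
SECRET_KEYS = {"password", "secret", "token"}
MASK = "***"  # assumed mask value, not taken from the advisory

def find_clear_text_secrets(node, path=""):
    """Return paths of secret-like keys whose value is a non-empty, unmasked string."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if key.lower() in SECRET_KEYS and isinstance(value, str) and value and value != MASK:
                hits.append(here)
            else:
                hits.extend(find_clear_text_secrets(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_clear_text_secrets(item, f"{path}/{index}"))
    return hits

def redact(node):
    """Return a copy of the configuration with secret values replaced by MASK."""
    if isinstance(node, dict):
        return {k: MASK if k.lower() in SECRET_KEYS and isinstance(v, str) and v else redact(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(item) for item in node]
    return node

# Constructed sample of a serialized cache configuration (not real output).
SAMPLE = json.loads("""
{"distributed-cache": {"mode": "SYNC", "persistence": {
  "string-keyed-jdbc-store": {"dialect": "H2", "connection-pool": {
    "connection-url": "jdbc:h2:mem:example", "username": "sa",
    "password": "constructed-db-pass"}},
  "remote-store": {"cache": "backing", "security": {"authentication": {
    "username": "svc", "password": "constructed-remote-pass"}}}
}}}
""")

if __name__ == "__main__":
    for hit in find_clear_text_secrets(SAMPLE):
        print("clear-text credential at", hit)
    print(json.dumps(redact(SAMPLE), indent=2))
```

Running the same walk over configuration retrieved from a patched and an unpatched deployment shows whether credential fields are still returned unmasked.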