CVE-2023-4065

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_middleware:1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

History

02 Oct 2023, 16:47

Type Values Removed Values Added
First Time Redhat openshift Container Platform
Redhat jboss A-mq
Redhat jboss Middleware
Redhat
Redhat enterprise Linux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References (MISC) https://access.redhat.com/security/cve/CVE-2023-4065 - (MISC) https://access.redhat.com/security/cve/CVE-2023-4065 - Vendor Advisory
References (MISC) https://access.redhat.com/errata/RHSA-2023:4720 - (MISC) https://access.redhat.com/errata/RHSA-2023:4720 - Vendor Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2224630 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2224630 - Issue Tracking, Vendor Advisory
CWE CWE-276
CPE cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_middleware:1:*:*:*:*:*:*:*

27 Sep 2023, 15:19

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2024-07-03 01:42


NVD link : CVE-2023-4065

Mitre link : CVE-2023-4065

CVE.ORG link : CVE-2023-4065


JSON object : View

Products Affected

redhat

  • jboss_middleware
  • enterprise_linux
  • openshift_container_platform
  • jboss_a-mq
CWE
CWE-276

Incorrect Default Permissions

CWE-117

Improper Output Neutralization for Logs