Vulnerability Details : CVE-2023-4065
A flaw was found in Red Hat AMQ Broker Operator: a password defined in an ActiveMQArtemisAddress CR was written in plain text to the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.
Products affected by CVE-2023-4065
- cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_middleware:1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4065
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 5 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4065
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | Red Hat, Inc. | |
CWE ids for CVE-2023-4065
- The product does not neutralize or incorrectly neutralizes output that is written to logs. Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - secalert@redhat.com (Secondary)
- During installation, installed file permissions are set to allow anyone to modify those files. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-4065
- https://access.redhat.com/security/cve/CVE-2023-4065
  CVE-2023-4065 - Red Hat Customer Portal (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2224630
  2224630 – (CVE-2023-4065) CVE-2023-4065 Red Hat AMQ Broker Operator: plaintext password in operator log (Issue Tracking; Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2023:4720
  RHSA-2023:4720 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)