CVE-2024-1102
Aliases: GHSA-9wmf-xf3h-r8pr
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Modified
Published: 25 Apr 2024, 16:24
Last modified: 11 Nov 2025, 15:53
Vulnerability Summary
Overall Risk (default): medium, 36/100
CVSS Score: 6.5 MEDIUM, v3.1 (cve.org)
EPSS Score: 0.09% LOW, 0% probability, -0.06%
KEV: Not listed
Ransomware: No reports
Public exploits: 1 found
Dark Web: Not detected
Timeline
- 25 Apr 2024, 16:24: Published (vulnerability first disclosed)
- 11 Nov 2025, 15:53: Last Modified (vulnerability information updated)
Description
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials, such as the username and password for the database connection.
CVSS Metrics
- v3.1 • MEDIUM • Score: 6.5 • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Trends
Current EPSS score: 0.09% • Percentile: 26%
Techniques & Countermeasures
- CWE-523 • Unprotected Transport of Credentials: Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
- CWE-200 • Exposure of Sensitive Information to an Unauthorized Actor: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- jberet • jberet: < 2.2.1
- org.jberet • jberet-core: < 2.2.1.Final
- redhat • jboss_enterprise_application_platform: na | 8.0
References (10)
- https://access.redhat.com/errata/RHSA-2024:1677
- https://access.redhat.com/errata/RHSA-2024:3580
- https://access.redhat.com/errata/RHSA-2024:3581
- https://access.redhat.com/errata/RHSA-2024:3583
- https://access.redhat.com/security/cve/CVE-2024-1102
- https://bugzilla.redhat.com/show_bug.cgi?id=2262060
- https://github.com/jberet/jsr352/issues/452
- https://nvd.nist.gov/vuln/detail/CVE-2024-1102
- https://github.com/jberet/jsr352/commit/eeef999663d7da0e372aeeeac26ecf7201a3121d
- https://github.com/jberet/jsr352