CVE-2013-4112 – org.jgroups:jgroups

Package

Manager: maven
Name: org.jgroups:jgroups
Vulnerable Version: >=3.0.0 <3.2.9.final || >=3.3.0 <3.3.3.final

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00622 pctl0.69171

Details

Exposure of Sensitive Information to an Unauthorized Actor in JGroup The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

Metadata

Created: 2022-05-17T04:50:16Z
Modified: 2022-07-08T19:16:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cc62-496p-hrr7/GHSA-cc62-496p-hrr7.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-cc62-496p-hrr7
Finding: F310
Auto approve: 1