org.infinispan:infinispan-parent 14.0.14.Final vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.infinispan:infinispan-parent package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Cleartext Storage of Sensitive Information Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the improper handling of sensitive information when serializing cache configurations. An attacker can obtain sensitive credentials by accessing the serialized configuration data in XML/JSON/YAML formats. Note: The issue's impact is limited because only users with administrator permissions can retrieve the cache configurations, and the recommended approach for connecting via JDBC is using the `datasource` configuration, which does not expose the database credentials. How to fix Cleartext Storage of Sensitive Information? There is no fixed version for `org.infinispan:infinispan-parent`.	[0,)
M Modules with Circular Dependencies Affected versions of this package are vulnerable to Modules with Circular Dependencies when the `marshalling` process is executed, allowing an attacker can cause a denial of service. How to fix Modules with Circular Dependencies? Upgrade `org.infinispan:infinispan-parent` to version 15.0.0.Dev02 or higher.	[,15.0.0.Dev02)
M Access Restriction Bypass Affected versions of this package are vulnerable to Access Restriction Bypass due to improper evaluation of the necessary admin permissions in the `REST API`, an attacker can access information outside of their intended permissions by exploiting the flaw in the cache retrieval endpoints. How to fix Access Restriction Bypass? Upgrade `org.infinispan:infinispan-parent` to version 14.0.26.Final, 15.0.0.Dev04 or higher.	[,14.0.26.Final)[15.0.0.CR1,15.0.0.Dev04)

Vulnerability

Vulnerable Version

Cleartext Storage of Sensitive Information

Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the improper handling of sensitive information when serializing cache configurations. An attacker can obtain sensitive credentials by accessing the serialized configuration data in XML/JSON/YAML formats.

Note:

The issue's impact is limited because only users with administrator permissions can retrieve the cache configurations, and the recommended approach for connecting via JDBC is using the datasource configuration, which does not expose the database credentials.

How to fix Cleartext Storage of Sensitive Information?

There is no fixed version for org.infinispan:infinispan-parent.

[0,)

Modules with Circular Dependencies

Affected versions of this package are vulnerable to Modules with Circular Dependencies when the marshalling process is executed, allowing an attacker can cause a denial of service.

How to fix Modules with Circular Dependencies?

Upgrade org.infinispan:infinispan-parent to version 15.0.0.Dev02 or higher.

[,15.0.0.Dev02)

Access Restriction Bypass

Affected versions of this package are vulnerable to Access Restriction Bypass due to improper evaluation of the necessary admin permissions in the REST API, an attacker can access information outside of their intended permissions by exploiting the flaw in the cache retrieval endpoints.

How to fix Access Restriction Bypass?

Upgrade org.infinispan:infinispan-parent to version 14.0.26.Final, 15.0.0.Dev04 or higher.

[,14.0.26.Final)[15.0.0.CR1,15.0.0.Dev04)

org.infinispan:infinispan-parent@14.0.14.Final vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?