[MAVEN:GHSA-CC62-496P-HRR7] Exposure of Sensitive Information to an Unauthorized Actor in JGroup

Severity: Moderate
Affected Packages: 2
Fixed Packages: 2
CVEs: 1

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

Package                          Affected Version
pkg:maven/org.jgroups/jgroups    >= 3.3.0, <= 3.3.2.Final
pkg:maven/org.jgroups/jgroups    >= 3.0.0, <= 3.2.8.Final

Package                          Fixed Version
pkg:maven/org.jgroups/jgroups    = 3.3.3.Final
pkg:maven/org.jgroups/jgroups    = 3.2.9.Final

ID: MAVEN:GHSA-CC62-496P-HRR7
Severity: moderate
URL: https://github.com/advisories/GHSA-cc62-496p-hrr7
Published: 2022-05-17T04:50:16
Modified: 2023-01-27T05:02:23
Rights: Maven Security Team

Type      Package URL                      Namespace     Name / Product   Version                     Distribution / Platform   Arch   Patch / Fix
Affected  pkg:maven/org.jgroups/jgroups    org.jgroups   jgroups          >= 3.3.0 <= 3.3.2.Final
Fixed     pkg:maven/org.jgroups/jgroups    org.jgroups   jgroups          = 3.3.3.Final
Affected  pkg:maven/org.jgroups/jgroups    org.jgroups   jgroups          >= 3.0.0 <= 3.2.8.Final
Fixed     pkg:maven/org.jgroups/jgroups    org.jgroups   jgroups          = 3.2.9.Final