Loading...

XML

Word

Printable

Type: Vulnerability
Resolution: Done-Errata
Priority: Major
Fix Version/s: RHDG 8.5.4 GA
Affects Version/s: RHDG 8.5.0 GA
Component/s: Server
Labels:

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
CDW pm_ack:
CDW release:
Target Release:

RHDG 8.5.4 GA
Intelligence Requested:
Market:
Source:
Upstream
CVE ID:
CVE-2025-5731
CVSS Score:
6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE ID:
CWE-209
Downstream Component Name:
infinispan-cli-client
Upstream Affected Component:
infinispan
Embargo Status:
False

Severity:
Moderate

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Security Tracking Issue

Do not make this issue public.

Flaw:

Credential Leakage in Infinispan CLI
https://bugzilla.redhat.com/show_bug.cgi?id=2370429

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

~~~

Tracker accuracy feedback form: https://docs.google.com/forms/d/e/1FAIpQLSfa6zTaEGohRdiIqGVAvWTSAL0kpO_DkkEICuIHzQHFwmKswg/viewform

links to

RHSA-2025:151425 Red Hat Data Grid 8.5.4 security update

Assignee:: Tristan Tarrant

Reporter:: Patrick Del Bello

Tester:: Pavel Drobek

Contributors:: Alan Field, Paramvir Jindal, Pavel Drobek, Priyanka Minz, Tristan Tarrant

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Due:: 2025/08/15

Created:: 2025/06/05 1:53 PM

Updated:: 2025/09/10 2:24 PM

Resolved:: 2025/07/01 4:31 PM

Target start:: 2025/06/26

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates