CVE-2023-5384— Infinispan: credentials returned from configuration as clear text

CVSS 7.2 · High EPSS 0.55% · P68 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-5384

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Infinispan: credentials returned from configuration as clear text

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

敏感数据的明文存储

Source: NVD (National Vulnerability Database)

Vulnerability Title

Red Hat Infinispan 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Red Hat Infinispan是美国红帽（Red Hat）公司的一套分布式缓存和键值NoSQL数据存储软件。 Red Hat Infinispan存在安全漏洞，该漏洞源于从配置中以明文形式返回凭证。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Red Hat	Red Hat Data Grid 8.4.6	-	`cpe:/a:redhat:jboss_data_grid:8`

II. Public POCs for CVE-2023-5384

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-5384

请登录查看更多情报信息。

https://access.redhat.com/security/cve/CVE-2023-5384vdb-entryx_refsource_REDHAT
NetApp Product Security
https://access.redhat.com/errata/RHSA-2023:7676vendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2023-5384

Same Patch Batch · Red Hat · 2023-12-18 · 10 CVEs total

CVE-2023-4320	7.6 HIGH	Satellite: arithmetic overflow in satellite
CVE-2023-5056	6.8 MEDIUM	Skupper-operator: privelege escalation via config map
CVE-2023-3628	6.5 MEDIUM	Infispan: rest bulk ops don't check permissions
CVE-2023-5115	6.3 MEDIUM	Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
CVE-2023-6927	4.6 MEDIUM	Keycloak: open redirect via "form_post.jwt" jarm response mode
CVE-2023-5236	4.4 MEDIUM	Infinispan: circular reference on marshalling leads to dos
CVE-2023-3629	4.3 MEDIUM	Infinispan: non-admins should not be able to get cache config via rest api
CVE-2023-6918	3.7 LOW	Libssh: missing checks for return values for digests
CVE-2023-6228	3.3 LOW	Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c

IV. Related Vulnerabilities

Same product: Red Hat Data Grid 8.4.6

CVE-2023-4586
Hotrod-client: hot rod client does not enable hostname vali

Same vendor: Red Hat

Same weakness: CWE-312

V. Comments for CVE-2023-5384

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-5384— Infinispan: credentials returned from configuration as clear text

I. Basic Information for CVE-2023-5384

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-5384

III. Intelligence Information for CVE-2023-5384

Same Patch Batch · Red Hat · 2023-12-18 · 10 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-5384

Leave a comment