First published: Sat Jul 22 2023(Updated: )
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Jboss A-mq | =7 | |
Redhat Jboss Middleware | =1 | |
Redhat Openshift Container Platform | =4.11 | |
Redhat Openshift Container Platform | =4.12 | |
Redhat Enterprise Linux | =8.0 | |
redhat/AMQ Broker Operator | <7.11.1 | 7.11.1 |
All of | ||
Any of | ||
Redhat Openshift Container Platform | =4.11 | |
Redhat Openshift Container Platform | =4.12 | |
Redhat Enterprise Linux | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-4066 is a vulnerability found in Red Hat's AMQ Broker that stores certain passwords in plaintext in the StatefulSet details yaml.
Red Hat's AMQ Broker Operator version 7.11.1 is affected by CVE-2023-4066.
To fix CVE-2023-4066, upgrade to AMQ Broker Operator version 7.11.1.
CVE-2023-4066 has a severity level of medium.
You can find more information about CVE-2023-4066 on the Red Hat security advisory page and the associated bugzilla report.