CVE-2023-4065 MEDIUM

CVE-2023-4065: Operator: plaintext password in operator log

Vendor Red Hat
Product Red Hat AMQ Broker 7
Weakness CWE-117
Published September 26, 2023
Last update March 18, 2026

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.

Key dates

02Disclosure timeline

September 26, 2023 CVE published
March 18, 2026 Record updated