CVE-2023-4066 MEDIUM

CVE-2023-4066: Operator: passwords defined in secrets shown in statefulset yaml

Vendor: Red Hat
Product: Red Hat AMQ Broker 7
Weakness: CWE-313
Published: September 27, 2023
Last update: November 20, 2025

CVSS base score

5.5/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A flaw was found in Red Hat's AMQ Broker: it stores certain passwords in a secret, security-properties-prop-module, defined in the ActivemqArtemisSecurity CR; however, those passwords are shown in plaintext in the StatefulSet details YAML of AMQ Broker.

Key dates

02 Disclosure timeline

September 27, 2023: CVE published
November 20, 2025: Record updated
