CVE-2023-5384 HIGH

CVE-2023-5384: Infinispan: credentials returned from configuration as clear text

Vendor Red Hat
Product Red Hat Data Grid 8.4.6
Weakness CWE-312 · Cleartext storage
Published December 18, 2023
Last update November 20, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in Infinispan. When a cache configuration that contains credentials (JDBC store with connection pooling, remote store) is serialized to XML/JSON/YAML, the credentials are returned in clear text as part of the configuration.

Key dates

02 Disclosure timeline

December 18, 2023 CVE published
November 20, 2025 Record updated