jberet-core-1.3.10.Final.jar: 1 vulnerabilities (highest severity is: 6.5)

[mend-for-github-com]

Vulnerable Library - jberet-core-1.3.10.Final.jar

Library home page: http://www.jboss.org

Path to dependency file: /batch-jberet/pom.xml

Path to vulnerable library: /batch-jberet/pom.xml

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (jberet-core version)	Remediation Possible**	Reachability
CVE-2024-1102	Medium	6.5	jberet-core-1.3.10.Final.jar	Direct	2.2.1.Final	✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-1102

Vulnerable Library - jberet-core-1.3.10.Final.jar

Library home page: http://www.jboss.org

Path to dependency file: /batch-jberet/pom.xml

Path to vulnerable library: /batch-jberet/pom.xml

Dependency Hierarchy:

• ❌ jberet-core-1.3.10.Final.jar (Vulnerable Library)

Found in base branch: main

Vulnerability Details

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.

Publish Date: 2024-04-25

URL: CVE-2024-1102

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2024-04-25

Fix Resolution: 2.2.1.Final

⛑️ Automatic Remediation will be attempted for this issue.

---

⛑️Automatic Remediation will be attempted for this issue.