CVE-2023-4065

MEDIUM

Red Hat AMQ Broker Operator - Info Disclosure

Title source: llm

Description

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.

References (3)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2023:4720

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2023-4065

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2224630

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 9.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-276 CWE-117

Status published

Products (7)

Red Hat/Red Hat AMQ Broker 7

Red Hat/RHEL-8 based Middleware Containers 7.11.1-12

Red Hat/RHEL-8 based Middleware Containers 7.11.1-9

redhat/jboss_a-mq 7

redhat/jboss_middleware 1

redhat/openshift_container_platform 4.11

redhat/openshift_container_platform 4.12

Published Sep 27, 2023

Tracked Since Feb 18, 2026