CVE-2025-54876
MEDIUMJanssen Project <= 1.9.0 - Insufficiently Protected Credentials via CLI Log File
Title source: llmDescription
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://github.com/JanssenProject/jans/security/advisories/GHSA-2f4x-m695-jvp3
Issue Tracking x_refsource_misc
https://github.com/JanssenProject/jans/pull/11903
Patch x_refsource_misc
https://github.com/JanssenProject/jans/commit/3592837764fe48b956e3140ca17b8ef7cac00a47
Various Sources x_refsource_misc
https://github.com/JanssenProject/jans/discussions/11886
Scores
CVSS v4
6.9
EPSS
0.0043
EPSS Percentile
34.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-522
Status
published
Products (1)
JanssenProject/jans
< nightly
Published
Aug 06, 2025
Tracked Since
Feb 18, 2026