[HIVE-27501] CVE-2022-45868: Upgrade h2database version to 2.2.220 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.3
Fix Version/s: 4.0.0-beta-1
Component/s: None
Labels:
- pull-request-available

Target Version/s:

4.0.0

Description

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments.

Attachments

Issue Links

links to

GitHub Pull Request #4481

GitHub Pull Request #4488

GitHub Pull Request #4489

Activity

People

Assignee:: Diksha

Reporter:: Diksha

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Jul/23 07:09

Updated:: 24/Sep/23 00:19

Resolved:: 13/Jul/23 16:31