CVE-2013-4112: Exposure of Sensitive Information to an Unauthorized Actor in JGroup
CVSS Score: 5.4
Basic Information
CVE ID: CVE-2013-4112
GHSA ID:
EPSS Score: 0.6939%
CWE:
Published: 5/17/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jgroups:jgroups | maven | >= 3.0.0, <= 3.2.8.Final | 3.2.9.Final |
| org.jgroups:jgroups | maven | >= 3.3.0, <= 3.3.2.Final | 3.3.3.Final |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability centers on the authentication mechanism of JGroups' DiagnosticsHandler. Although the exact patch diffs are not provided, multiple authoritative sources:
- Explicitly name DiagnosticsHandler as the vulnerable component
- Describe credential reuse attacks
- Show fixes in JGroups versions 3.2.9/3.3.3
In the JGroups architecture, the handle() method is the entry point for processing diagnostic requests, which makes it the logical location for authentication checks. The presence of credential caching or reuse suggests that either the main request handler or a dedicated authentication method would retain stale credentials. The high confidence for handle() comes from direct advisory references, whereas authenticate() is inferred from the vulnerability pattern rather than named directly.