Apache Jackrabbit Oak

By the Year

In 2024 there have been 0 vulnerabilities in Apache Jackrabbit Oak. Jackrabbit Oak did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 7.50
2019 0 0.00
2018 0 0.00

It may take a day or so for new Jackrabbit Oak vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apache Jackrabbit Oak Security Vulnerabilities

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability

CVE-2020-1940 7.5 - High - January 28, 2020

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed.

Improper Removal of Sensitive Information Before Storage or Transfer
