Search for packages
| purl | pkg:maven/org.apache.jackrabbit/oak-core@1.10.8 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-gqm1-2mg6-t7dt
Aliases: CVE-2020-1940 GHSA-3h68-wvv6-8r5h |
Information Exposure The optional initial password change and password expiration features are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-gqm1-2mg6-t7dt | Information Exposure The optional initial password change and password expiration features are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed. |
CVE-2020-1940
GHSA-3h68-wvv6-8r5h |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:26:45.548758+00:00 | GitLab Importer | Affected by | VCID-gqm1-2mg6-t7dt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.jackrabbit/oak-core/CVE-2020-1940.yml | 38.6.0 |
| 2026-06-04T17:28:13.572468+00:00 | GithubOSV Importer | Fixing | VCID-gqm1-2mg6-t7dt | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-3h68-wvv6-8r5h/GHSA-3h68-wvv6-8r5h.json | 38.6.0 |