{"id":"CVE-2020-10727","details":"A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.","aliases":["GHSA-q9g8-9hpp-xc82"],"modified":"2026-03-14T09:48:04.462263Z","published":"2020-06-26T16:15:12.063Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210827-0001/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1827200"},{"type":"REPORT","url":"https://issues.redhat.com/browse/ENTMQBR-3435"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/activemq-artemis","events":[{"introduced":"c3eb6c12add88ee7a49bd65eff22ae63929d06bb"},{"last_affected":"30272e0c2fd1d53c0fc41f70c26237bff3b379d4"}],"database_specific":{"versions":[{"introduced":"2.7.0"},{"last_affected":"2.12.0"}]}}],"versions":["2.10.0","2.10.1","2.11.0","2.12.0","2.7.0","2.8.0","2.8.1","2.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10727.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}