CVE-2022-45868 - H2 Password Exposure False Positive

CVE-2022-45868 (opens new window) details a vulnerability within H2 when it is used as a stand alone server and started using their CLI. Rundeck and Process Automation use the H2 database to streamline setups and provide a quick way to get started with the product.

Rundeck/Process Automation's implementation uses an embeded db, not using the CLI. This implementation model is not vulnerable based on the details of the CVE provided in the notice and this discussion (opens new window) thread on the H2Database project.

If there are any additional questions please feel free to reach out using the support methods described here.