Description
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
Remediation
References
https://access.redhat.com/errata/RHSA-2019:2998
https://access.redhat.com/errata/RHSA-2020:0727
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
https://security.netapp.com/advisory/ntap-20220210-0017/
Related Vulnerabilities
CVE-2023-42795 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2023-29216 Vulnerability in maven package org.apache.linkis:linkis-engineplugin-jdbc
CVE-2019-10184 Vulnerability in maven package io.undertow:undertow-servlet
CVE-2016-1000031 Vulnerability in maven package commons-fileupload:commons-fileupload
CVE-2014-0073 Vulnerability in npm package cordova-plugin-inappbrowser