Description
A flaw was found in all Undertow versions under 2.0.20, in the DEBUG log for io.undertow.request.security. If this logging is enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
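Exposure depends on whether DEBUG logging is in effect for io.undertow.request.security, which can also happen through a level inherited from a parent category. The following is an added example (not from the advisory or the Undertow project) that audits a logging configuration for the effective level of that category; it assumes a JBoss LogManager-style logging.properties using `logger.<category>.level` keys, and the sample configurations are constructed.

```python
import re

CATEGORY = "io.undertow.request.security"
# Level names ordered from most to least verbose (JBoss-style names, assumed).
RANK = {n: i for i, n in enumerate(
    ["ALL", "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "OFF"])}
# Matches "logger.level=X" (root) and "logger.<category>.level=X".
LEVEL_KEY = re.compile(r"^logger\.(?:(?P<cat>.+)\.)?level\s*[=:]\s*(?P<lvl>\S+)$")

def parse_levels(text):
    """Return {category: LEVEL}; the root logger is stored under ''."""
    levels = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = LEVEL_KEY.match(line)
        if m:
            levels[m.group("cat") or ""] = m.group("lvl").upper()
    return levels

def effective_level(levels, category=CATEGORY):
    """Walk from the category up to the root; the nearest explicit level wins."""
    parts = category.split(".")
    while parts:
        name = ".".join(parts)
        if name in levels:
            return name, levels[name]
        parts.pop()
    return "<root>", levels.get("")

def audit(text, category=CATEGORY):
    source, level = effective_level(parse_levels(text), category)
    if level not in RANK:
        verdict = "review"      # unset or unrecognised level name
    elif RANK[level] <= RANK["DEBUG"]:
        verdict = "exposed"     # DEBUG records for the category are emitted
    else:
        verdict = "ok"
    return {"level": level, "set_on": source, "verdict": verdict}

# Constructed sample configurations.
DIRECT = "logger.level=INFO\nlogger.io.undertow.request.security.level=DEBUG\n"
INHERITED = "logger.level=INFO\nlogger.io.undertow.level=TRACE\n"
OVERRIDDEN = "logger.level=DEBUG\nlogger.io.undertow.request.security.level=WARN\n"

if __name__ == "__main__":
    for name, cfg in [("direct", DIRECT), ("inherited", INHERITED), ("overridden", OVERRIDDEN)]:
        print(name, audit(cfg))
```

The check covers logger levels only; a handler-level threshold can still filter these records, so an "exposed" verdict is a prompt to inspect the handlers and who can read the resulting log files.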
Remediation
References
https://access.redhat.com/errata/RHSA-2019:2998
https://access.redhat.com/errata/RHSA-2020:0727
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
https://security.netapp.com/advisory/ntap-20220210-0017/
Related Vulnerabilities
CVE-2020-27218 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2021-21612 Vulnerability in maven package de.tracetronic.jenkins.plugins:ecutest
CVE-2023-29518 Vulnerability in maven package org.xwiki.platform:xwiki-platform-invitation-ui
CVE-2021-42550 Vulnerability in maven package ch.qos.logback:logback-core
CVE-2022-25167 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source