Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2022-24719 Vulnerability in npm package fluture-node

CVE-2020-2229 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-14968 Vulnerability in maven package org.webjars.bower:jsrsasign

CVE-2022-43432 Vulnerability in maven package org.jenkins-ci.plugins:xframium

CVE-2022-36537 Vulnerability in maven package org.zkoss.zk:zk

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory