Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2022-35912 Vulnerability in maven package org.grails:grails-databinding

CVE-2023-32697 Vulnerability in maven package org.xerial:sqlite-jdbc

CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-jdk15to18

CVE-2019-1010266 Vulnerability in npm package lodash

CVE-2018-1000616 Vulnerability in maven package org.onosproject:onos-cli

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory