Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2021-32809 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4

CVE-2022-25893 Vulnerability in npm package vm2

CVE-2021-25646 Vulnerability in maven package org.apache.druid:druid-core

CVE-2018-14041 Vulnerability in maven package org.webjars.bower:bootstrap

CVE-2018-25031 Vulnerability in maven package org.webjars:swagger-ui

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory