Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2021-26539 Vulnerability in npm package sanitize-html

CVE-2020-24582 Vulnerability in npm package zulip

CVE-2023-27603 Vulnerability in maven package org.apache.linkis:linkis-common

CVE-2020-2207 Vulnerability in maven package org.jenkins-ci.plugins:vncviewer

CVE-2022-3224 Vulnerability in npm package parse-url

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory