Description

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

Remediation

References

CVE-2019-10212

Related Vulnerabilities

WordPress Plugin Video Lead Form 'errMsg' Parameter Cross-Site Scripting (0.5)

TYPO3 Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-36104)

WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Cross-Site Request Forgery (3.4.1)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5505)

WordPress Plugin Feedweb Unspecified Vulnerability (3.0.7)

Severity

Critical

Classification

CVE-2019-10212 CWE-532 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities