Description
A vulnerability was found in Undertow web server before 2.0.21. Plain text credentials are exposed through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange).
Remediation
References