Description
A vulnerability was found in Undertow web server before 2.0.21. Plain-text credentials can be exposed through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange).
Remediation
References