Description

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212

https://access.redhat.com/errata/RHSA-2019:2998

https://access.redhat.com/errata/RHSA-2020:0727

https://security.netapp.com/advisory/ntap-20220210-0017/

Related Vulnerabilities

CVE-2022-31129 Vulnerability in maven package org.webjars.bower:moment

CVE-2022-3783 Vulnerability in npm package node-red-dashboard

CVE-2023-45857 Vulnerability in maven package org.webjars.bower:axios

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-cdc-mysql-processors

CVE-2018-11696 Vulnerability in maven package org.webjars.npm:node-sass

Severity

Critical

Classification

CWE-532 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Mitigation Vendor Advisory Third Party Advisory