Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2022-43429 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test

CVE-2021-29369 Vulnerability in npm package gnuplot

CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api

CVE-2023-52079 Vulnerability in npm package msgpackr

CVE-2019-1003094 Vulnerability in maven package org.jenkins-ci.plugins:open-stf

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory