Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2022-36892 Vulnerability in maven package org.jenkins-ci.plugins:rhnpush-plugin

CVE-2023-44487 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2021-22964 Vulnerability in npm package fastify-static

CVE-2018-16491 Vulnerability in maven package org.webjars.npm:node.extend

CVE-2021-25122 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory