Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2022-27202 Vulnerability in maven package org.jenkins-ci.plugins:extended-choice-parameter

CVE-2021-44521 Vulnerability in maven package org.apache.cassandra:cassandra-all

CVE-2021-21174 Vulnerability in npm package electron

CVE-2023-50719 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-solr-api

CVE-2022-45395 Vulnerability in maven package com.thalesgroup.jenkins-ci.plugins:cccc

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory