Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2022-45398 Vulnerability in maven package org.zeroturnaround:cluster-stats

CVE-2019-14862 Vulnerability in npm package knockout

CVE-2018-11651 Vulnerability in maven package org.graylog2:graylog2-server

CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-legacy-oldcore

CVE-2023-37908 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-xml

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory