CVE-2020-25640

Published: Nov 24, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Affected (1)

Products: Redhat: Wildfly

Redhat

1 product

Wildfly

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Wildfly	Before 21.0.0

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

Source: secalert@redhat.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20201210-0001/

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20201210-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.