Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2aDgtdmMyOC1tMmhm
Potential to access user credentials from the log files when debug logging enabled
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
Permalink: https://github.com/advisories/GHSA-8vh8-vc28-m2hfJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2aDgtdmMyOC1tMmhm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 5 years ago
Updated: almost 2 years ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Percentage: 0.00458
EPSS Percentile: 0.74993
Identifiers: GHSA-8vh8-vc28-m2hf, CVE-2019-10212
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10212
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
- https://access.redhat.com/errata/RHSA-2019:2998
- https://access.redhat.com/errata/RHSA-2020:0727
- https://security.netapp.com/advisory/ntap-20220210-0017/
- https://github.com/advisories/GHSA-8vh8-vc28-m2hf
Affected Packages
maven:io.undertow:undertow-core
Dependent packages: 912Dependent repositories: 5,259
Downloads:
Affected Version Ranges: < 2.0.20
Fixed in: 2.0.20
All affected versions:
All unaffected versions: