Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3M3YtNWNoMi13Zm1t
Wildfly logs plaintext passwords
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
Permalink: https://github.com/advisories/GHSA-jw3v-5ch2-wfmmJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3M3YtNWNoMi13Zm1t
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 10 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-jw3v-5ch2-wfmm, CVE-2020-25640
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-25640
- https://github.com/amqphub/amqp-10-resource-adapter/issues/13
- https://bugzilla.redhat.com/show_bug.cgi?id=1881637
- https://security.netapp.com/advisory/ntap-20201210-0001/
- https://github.com/advisories/GHSA-jw3v-5ch2-wfmm
Blast Radius: 9.6
Affected Packages
maven:org.wildfly:wildfly-parent
Dependent packages: 32Dependent repositories: 65
Downloads:
Affected Version Ranges: < 21.0.0.Final
Fixed in: 21.0.0.Final
All affected versions:
All unaffected versions: