CVE-2020-25640

MEDIUM5.3EPSS 0.35%

Wildfly logs plaintext passwords

Published: 2/15/2022Modified: 4/3/2025

Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Affected packages (2)

Bitnami/wildflyfrom 0, < 21.0.0
Maven/org.wildfly:wildfly-parentfrom 0, < 21.0.0.Final

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25640
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1881637
WEBhttps://github.com/amqphub/amqp-10-resource-adapter/issues/13
WEBhttps://security.netapp.com/advisory/ntap-20201210-0001
WEBhttps://security.netapp.com/advisory/ntap-20201210-0001/