CVE-2020-25640

MEDIUM5.3EPSS 0.35%

Wildfly logs plaintext passwords

發布日:2022/2/15修改日:2025/4/3

描述

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

受影響套件(2)

Bitnami/wildflyfrom 0, < 21.0.0
Maven/org.wildfly:wildfly-parentfrom 0, < 21.0.0.Final

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25640
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1881637
WEBhttps://github.com/amqphub/amqp-10-resource-adapter/issues/13
WEBhttps://security.netapp.com/advisory/ntap-20201210-0001
WEBhttps://security.netapp.com/advisory/ntap-20201210-0001/