CVE-2020-25640

Sažetak

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1881637
https://github.com/amqphub/amqp-10-resource-adapter/issues/13
https://security.netapp.com/advisory/ntap-20201210-0001/

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 03:20

Objavljeno

24-11-2020 - 19:15