CVE-2020-25640 — Information Exposure via Error Message in Redhat Wildfly

CWE-209 — Information Exposure via Error Message CWE-532 — Log File Information Exposure7 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 42.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Wildfly

Timeline

PublishedNov 24

Latest updateFeb 15

Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/wildfly< 21.0.0

▶CVEListV5redhat/wildflyWildfly 21.0.0.Final

🔴Vulnerability Details

OSV

Wildfly logs plaintext passwords↗2022-02-15

▶

GHSA

Wildfly logs plaintext passwords↗2022-02-15

▶

CVEList

CVE-2020-25640: A flaw was discovered in WildFly before 21↗2020-11-24

▶

📋Vendor Advisories

Red Hat

wildfly: resource adapter logs plaintext JMS password at warning level on connection error↗2020-09-10

▶

💬Community

Bugzilla

CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error [fedora-all]↗2020-09-24

▶

Bugzilla

CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error↗2020-09-22

▶