CVE-2024-8097
Published 2024-09-11
CVE-2024-8097: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted…
Priority P4 · 22 · medium · 6.7 · CVSS 4.0
EPSS: 0.19% (8.6th percentile)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| payara_platform | payara_server | >= 4.1.2.191.0 < 4.1.2.191.50 | 4.1.2.191.50 |
| payara_platform | payara_server | >= 5.20.0 < 5.67.0 | 5.67.0 |
| payara_platform | payara_server | >= 5.2020.2 < 5.2022.5 | 5.2022.5 |
| payara_platform | payara_server | >= 6.0.0 < 6.18.0 | 6.18.0 |
| payara_platform | payara_server | >= 6.2022.1 < 6.2024.9 | 6.2024.9 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v4.0 | 6.7 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | | 6.7 | MEDIUM | |
Red Hat
payara: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara
vendor_redhat·2024-09-11·CVSS 6.7
CVE-2024-8097 [MEDIUM] CWE-200 payara: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara
An exposure of sensitive information flaw via an unauthorized actor vulnerability was found in the Payara Platform Payara Server (logging modules). This issue allows sensitive credentials to be posted in plain text on the server log.
Mitigation: Mitigation for this issue is either not available or the currently available opti
GHSA
GHSA-w9q2-g4fg-c4pw: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentia
ghsa_unreviewed·2024-09-11
CVE-2024-8097 [MEDIUM] CWE-200 GHSA-w9q2-g4fg-c4pw: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentia
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-09-11