Vulnerability Name: CVE-2019-10212 (CCN-168252)
Assigned: 2019-10-01
Published: 2019-10-01
Updated: 2022-02-20
Summary: A flaw was found in Undertow, in all versions under 2.0.20, in the DEBUG log for io.undertow.request.security. If this logging is enabled, an attacker could abuse the flaw to obtain the user's credentials from the log files.
CVSS v3 Severity:
9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
4.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-532
Vulnerability Consequences: Obtain Information
References:
Source: MITRE Type: CNA CVE-2019-10212
Source: REDHAT Type: Vendor Advisory RHSA-2019:2998
Source: REDHAT Type: Vendor Advisory RHSA-2020:0727
Source: CCN Type: Red Hat Web site CVE-2019-10212
Source: CCN Type: Red Hat Bugzilla - Bug 1731984 (CVE-2019-10212) - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files
Source: CONFIRM Type: Issue Tracking, Mitigation, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
Source: XF Type: UNKNOWN undertow-cve201910212-info-disc(168252)
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20220210-0017/
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration 5: Configuration 6: Denotes that component is vulnerable