CVE-2020-10750

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions jaegertracing/jaeger versions prior to 1.18.1

Description A sensitive information exposure issue was discovered when the Kafka data store is used, allowing an attacker with access to the container's log file to obtain the Kafka credentials.

Recommendations For versions prior to 1.18.1, update to version 1.18.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the container's log file to minimize the risk of exploitation.

Fix

Insertion into Log File

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532CWE-200

Related Identifiers

BIT-JAEGER-2020-10750

CVE-2020-10750

GHSA-GH32-PC56-4C96

GO-2022-0834

Affected Products

Jaeger

CVE-2020-10750

Weakness Enumeration

Related Identifiers

Affected Products

References · 10