PT-2020-16144 · Red Hat · Wildfly
Jiridaneko · Published 2020-11-24 · Updated 2024-03-06 · CVE-2020-25640
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
WildFly versions prior to 21.0.0.Final
Description
A flaw was discovered in WildFly where the resource adapter logs the plain-text JMS password at warning level when a connection error occurs, writing sensitive information to the log file.
Recommendations
For versions prior to 21.0.0.Final, update to version 21.0.0.Final or later to resolve the issue. As a temporary workaround, consider restricting access to log files to minimize the risk of sensitive information exposure.
Fix
Insertion into Log File
Generation of Error Message Containing Sensitive Information
Affected Products
Wildfly