PT-2022-10375 · Apache · Apache Geode

Published 2022-01-04 · Updated 2022-01-12 · CVE-2021-34797

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apache Geode versions up to 1.12.4
Apache Geode versions up to 1.13.4

Description

The issue is a flaw in the redaction of sensitive information in log files. It occurs when passwords and security properties with specific prefixes, including sysprop-, javax.net.ssl, or security-, are given values that begin with characters other than letters or numbers.

Recommendations

For Apache Geode versions up to 1.12.4, update to version 1.12.5 or later to resolve the issue.
For Apache Geode versions up to 1.13.4, update to version 1.13.5 or later to resolve the issue.
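The class of flaw described above, shown as an added example that is not Apache Geode's code: a redaction pattern that assumes a value starts with a letter or digit, next to a corrected pattern, plus an audit helper that lists properties still exposed in a log. The key=value layout, the mask string, both patterns and the sample lines are assumptions constructed for illustration.

```python
import re

# Property-name prefixes named in the advisory. The key=value layout and the
# mask string are assumptions made for this example.
KEY = r"(?P<key>(?:sysprop-|javax\.net\.ssl|security-)[\w.\-]*)"
MASK = "********"

# Illustrative flawed pattern: only matches values that start with a letter or digit.
NAIVE = re.compile(KEY + r"=(?P<val>[A-Za-z0-9]\S*)")
# Corrected pattern: any non-whitespace value is masked, whatever its first character.
STRICT = re.compile(KEY + r"=(?P<val>\S+)")

# Constructed sample lines, not taken from a real Geode log.
SAMPLE = [
    "-Dsecurity-username=admin1",
    "-Djavax.net.ssl.keyStorePassword=Secret9",
    "-Dsecurity-password=!Secret9",
    "-Dsysprop-token=#tok",
]


def redact(line, pattern):
    """Replace the value of every matching sensitive property with the mask."""
    return pattern.sub(lambda m: m["key"] + "=" + MASK, line)


def leaked_keys(log_lines):
    """Audit helper: names of sensitive properties whose logged value is not the mask."""
    return [m["key"] for line in log_lines
            for m in STRICT.finditer(line) if m["val"] != MASK]


def run_demo():
    """Redact the sample with each pattern and report what each one leaves exposed."""
    naive_log = [redact(line, NAIVE) for line in SAMPLE]
    strict_log = [redact(line, STRICT) for line in SAMPLE]
    return leaked_keys(naive_log), leaked_keys(strict_log)


if __name__ == "__main__":
    leaked_naive, leaked_strict = run_demo()
    print("still exposed after naive redaction:", leaked_naive)
    print("still exposed after strict redaction:", leaked_strict)
```

Run over retained log lines, `leaked_keys` lists the property names whose values were written in clear text.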

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2021-34797
GHSA-MW25-F5R2-HPC6

Affected Products

Apache Geode