CVE-2019-10212 – io.undertow:undertow-core

Package

Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: >=0 <2.0.20

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.0029 pctl0.51995

Details

Potential to access user credentials from the log files when debug logging enabled A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

Metadata

Created: 2019-11-20T01:33:54Z
Modified: 2022-02-11T21:12:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-8vh8-vc28-m2hf/GHSA-8vh8-vc28-m2hf.json
CWE IDs: ["CWE-532"]
Alternative ID: GHSA-8vh8-vc28-m2hf
Finding: F183
Auto approve: 1