CVE-2020-25640medium
Description
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1881637
https://github.com/amqphub/amqp-10-resource-adapter/issues/13
Details
Source: MITRE
Published: 2020-11-24
Updated: 2020-12-23
Type: CWE-532
Risk Information
CVSS v2
Base Score: 3.5
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 6.8
Severity: LOW
CVSS v3
Base Score: 5.3
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.6
Severity: MEDIUM