CVE-2020-25640

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

References

Affected packages

Git / github.com/wildfly/wildfly

Affected ranges

Type: GIT
Repo: https://github.com/wildfly/wildfly
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f3d5adb5a36fdc908d421537a35e8feffb3639be

Affected versions

10.*

10.0.0.Alpha1

10.0.0.Alpha2

10.0.0.Alpha3

10.0.0.Alpha4

10.0.0.Alpha5

10.0.0.Alpha6

10.0.0.Beta1

10.0.0.Beta2

10.0.0.CR1

10.0.0.CR2

10.0.0.CR3

10.0.0.CR4

10.0.0.CR5

10.0.0.Final

11.*

11.0.0.Alpha1

11.0.0.Beta1

11.0.0.CR1

11.0.0.Final

12.*

12.0.0.Beta1

12.0.0.CR1

12.0.0.Final

13.*

13.0.0.Beta1

13.0.0.Final

14.*

14.0.0.Beta1

14.0.0.Beta2

14.0.0.Final

15.*

15.0.0.Beta1

15.0.0.Final

16.*

16.0.0.Beta1

16.0.0.Final

17.*

17.0.0.Alpha1

17.0.0.Beta1

17.0.0.Final

18.*

18.0.0.Beta1

18.0.0.Final

19.*

19.0.0.Beta1

19.0.0.Beta2

20.*

20.0.0.Beta1

20.0.0.Final

21.*

21.0.0.Beta1

7.*

7.0.0.Alpha1

7.0.0.Alpha1-final

7.0.0.Beta1-prerelease

7.0.0.Beta2

7.0.0.Beta2-prerelease

7.0.0.Beta3

7.0.0.CR1

7.0.0.Final

7.0.0.Final-prerelease

7.0.0.Final-prerelease2

7.0.0.Final-prerelease3

7.1.0.Alpha1

7.1.0.Beta1

7.1.0.CR1

7.1.0.Final

7.1.0.Final-prerelease

7.1.0.Final-prerelease2

7.1.1.Final

7.1.2-prerelease

7.1.2.Final

7.2.0.Final

7.2.0.Final-prerelease1

8.*

8.0.0.Alpha1

8.0.0.Alpha2

8.0.0.Alpha3

8.0.0.Alpha4

8.0.0.Beta1

8.0.0.CR1

8.0.0.Final

8.1.0.CR1

8.1.0.CR2

9.*

9.0.0.Beta1

9.0.0.Beta2

9.0.0.CR1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25640.json"