Description
A flaw was found in Undertow, in all versions under 2.0.20, in the DEBUG log for io.undertow.request.security. If this logging is enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
References (4)
Core References
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2998
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0727
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220210-0017/
Scores
CVSS v3
9.8
EPSS
0.0045
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-532
Status
published
Products (12)
io.undertow/undertow-core
0 - 2.0.20 (Maven)
netapp/active_iq_unified_manager
(3 CPE variants)
redhat/jboss_data_grid
redhat/jboss_data_grid
7.0.0 - 7.3
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
7.2
redhat/jboss_enterprise_application_platform
7.3
redhat/jboss_enterprise_application_platform
7.4
redhat/jboss_fuse
7.0.0 - 7.4
redhat/openshift_application_runtimes
... and 2 more
Published
Oct 02, 2019
Tracked Since
Feb 18, 2026