CVE-2020-10750

HIGH

jaegertracing/jaeger <1.18.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.

References (2)

Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/jaegertracing/jaeger/releases/tag/v1.18.1

Scores

CVSS v3 7.1
EPSS 0.0006
EPSS Percentile 18.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-532 CWE-200
Status published
Products (2)
jaegertracing/jaeger 0 - 1.18.1Go
linuxfoundation/jaeger < 1.18.1
Published Jun 19, 2020
Tracked Since Feb 18, 2026