CVE-2020-10750

HIGH

jaegertracing/jaeger <1.18.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.

References (2)

Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/jaegertracing/jaeger/releases/tag/v1.18.1

Scores

CVSS v3 7.1
EPSS 0.0043
EPSS Percentile 34.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-200 CWE-532
Status published
Products (2)
jaegertracing/jaeger 0 - 1.18.1Go
linuxfoundation/jaeger < 1.18.1
Published Jun 19, 2020
Tracked Since Feb 18, 2026