CVE-2020-25640 - OpenCVE

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Wildfly

Configuration 1 [-]

cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1881637	Issue Tracking Vendor Advisory
https://github.com/amqphub/amqp-10-resource-adapter/issues/13	Third Party Advisory
https://security.netapp.com/advisory/ntap-20201210-0001/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-11-24T19:00:33

Updated: 2020-12-10T11:06:06

Reserved: 2020-09-16T00:00:00

Link: CVE-2020-25640

JSON object: View

NVD Information

Status : Modified

Published: 2020-11-24T19:15:10.633

Modified: 2023-11-07T03:20:18.267

Link: CVE-2020-25640

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "wildfly", "vendor": "n/a", "versions": [{"status": "affected", "version": "Wildfly 21.0.0.Final"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "(CWE-209|CWE-532)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-10T11:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20201210-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-25640", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "wildfly", "version": {"version_data": [{"version_value": "Wildfly 21.0.0.Final"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "(CWE-209|CWE-532)"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"}, {"name": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13", "refsource": "MISC", "url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"}, {"name": "https://security.netapp.com/advisory/ntap-20201210-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20201210-0001/"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25640", "datePublished": "2020-11-24T19:00:33", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2020-12-10T11:06:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*", "matchCriteriaId": "83915CB8-1E94-41BF-9BC6-BE35DA6BC7C0", "versionEndExcluding": "21.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en WildFly versiones anteriores a 21.0.0.Final donde, el adaptador de Recursos registra una contrase\u00f1a JMS de texto plano en el nivel de advertencia en caso de error de conexi\u00f3n, insertando informaci\u00f3n confidencial en el archivo de registro"}], "id": "CVE-2020-25640", "lastModified": "2023-11-07T03:20:18.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-24T19:15:10.633", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881637"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/amqphub/amqp-10-resource-adapter/issues/13"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201210-0001/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "secalert@redhat.com", "type": "Secondary"}]}