[MAVEN:GHSA-JW3V-5CH2-WFMM] Wildfly logs plaintext passwords

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Package	Affected Version
pkg:maven/org.wildfly/wildfly-parent	< 21.0.0.Final

Package	Fixed Version
pkg:maven/org.wildfly/wildfly-parent	= 21.0.0.Final

ID: MAVEN:GHSA-JW3V-5CH2-WFMM
Severity: moderate
URL: https://github.com/advisories/GHSA-jw3v-5ch2-wfmm
Published: 2022-02-15T01:38:27
(2 years ago)
Modified: 2023-07-13T22:11:45
(14 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2020-25640
			https://github.com/amqphub/amqp-10-resource-adapter/issues/13
			https://bugzilla.redhat.com/show_bug.cgi?id=1881637
			https://security.netapp.com/advisory/ntap-20201210-0001/
			https://github.com/advisories/GHSA-jw3v-5ch2-wfmm

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.wildfly/wildfly-parent	org.wildfly	wildfly-parent	< 21.0.0.Final
Fixed	pkg:maven/org.wildfly/wildfly-parent	org.wildfly	wildfly-parent	= 21.0.0.Final

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date