A vulnerability was found in Undertow web server up to 1.0.0.Alpha19, between 1.3.0.Beta9 to 1.3.0.Beta13, 1.3.0.CR.x, between 1.3.0.Final to 1.4.27.Final and 2.0.x before 2.0.20.Final. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch master
Description
A vulnerability was found in Undertow web server up to 1.0.0.Alpha19, between 1.3.0.Beta9 to 1.3.0.Beta13, 1.3.0.CR.x, between 1.3.0.Final to 1.4.27.Final and 2.0.x before 2.0.20.Final. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch master
Vulnerability ID: CVE-2019-3888
Package Name: io.undertow:undertow-core
Severity: HIGH
CVSS Score: 9.8
Publish Date: 2019-06-12T14:29:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.2.26.Final
Link To SCA
Reference – NVD link