Quarkus CXF Vulnerability: Hidden Passwords and Secrets at Risk
CVE-2024-9621
5.3MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Build Of Apache Camel 4.4 For Quarkus 3.8
- Vendor
- CVE Published:
- 8 October 2024
Summary
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log.
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability Reserved
Vulnerability published
Collectors
NVD DatabaseMitre Database
Credit
Red Hat would like to thank Rolf Thorup for reporting this issue.