Quarkus CXF Vulnerability: Hidden Passwords and Secrets at Risk

CVE-2024-9621

5.3MEDIUM

Key Information

Vendor
Red Hat
Status
Red Hat Build Of Apache Camel 4.4 For Quarkus 3.8
Vendor
CVE Published:
8 October 2024

Summary

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log.

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Rolf Thorup for reporting this issue.
.