CVE-2021-34797

Опубликовано: 04 янв. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.

Ссылки

https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4
Mailing List
Vendor Advisory
https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk
Mailing List
Vendor Advisory
https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4
Mailing List
Vendor Advisory
https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:geode:*:*:*:*:*:*:*:*

Версия до 1.12.4 (включая)

cpe:2.3:a:apache:geode:*:*:*:*:*:*:*:*

Версия от 1.13.0 (включая) до 1.13.4 (включая)

EPSS

Процентиль: 51%

0.00282

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-mw25-f5r2-hpc6

github

около 4 лет назад

Insertion of Sensitive Information into Log File in Apache Geode