Critical severityNVD Advisory· Published Jun 12, 2019· Updated Aug 4, 2024

CVE-2019-3888

Description

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
io.undertow:undertow-coreMaven	< 2.0.21	2.0.21

Affected products

Red Hat/Undertowv5
Range: 2.0.21

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2019:2439ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2019:2998ghsavendor-advisoryx_refsource_REDHATWEB
access.redhat.com/errata/RHSA-2020:0727ghsavendor-advisoryx_refsource_REDHATWEB
github.com/advisories/GHSA-jwgx-9mmh-684wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-3888ghsaADVISORY
www.securityfocus.com/bid/108739ghsavdb-entryx_refsource_BIDWEB
bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
security.netapp.com/advisory/ntap-20220210-0019ghsaWEB
security.netapp.com/advisory/ntap-20220210-0019/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000