Critical severity · NVD Advisory · Published Jun 12, 2019 · Updated Aug 4, 2024
CVE-2019-3888
Description
A vulnerability was found in the Undertow web server before 2.0.21. Plain-text credentials are exposed through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.undertow:undertow-core (Maven) | < 2.0.21 | 2.0.21 |
References
- access.redhat.com/errata/RHSA-2019:2439
- access.redhat.com/errata/RHSA-2019:2998
- access.redhat.com/errata/RHSA-2020:0727
- github.com/advisories/GHSA-jwgx-9mmh-684w
- nvd.nist.gov/vuln/detail/CVE-2019-3888
- www.securityfocus.com/bid/108739
- bugzilla.redhat.com/show_bug.cgi
- security.netapp.com/advisory/ntap-20220210-0019/