Candidate: CVE-2019-10212
PublicDate: 2019-10-02 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10212
 https://bugzilla.redhat.com/show_bug.cgi?id=1731984
Description:
 A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for
 io.undertow.request.security. If enabled, an attacker could abuse this flaw
 to obtain the user's credentials from the log files.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_undertow:
upstream_undertow: needs-triage
precise/esm_undertow: DNE
trusty_undertow: ignored (out of standard support)
trusty/esm_undertow: DNE
xenial_undertow: ignored (end of standard support, was needs-triage)
bionic_undertow: needs-triage
disco_undertow: ignored (reached end-of-life)
eoan_undertow: ignored (reached end-of-life)
focal_undertow: not-affected (2.0.27-1)
groovy_undertow: not-affected (2.0.27-1)
hirsute_undertow: not-affected (2.0.27-1)
impish_undertow: not-affected (2.0.27-1)
jammy_undertow: not-affected (2.0.27-1)
devel_undertow: not-affected (2.0.27-1)