CVE-2019-10212
Published: 2 October 2019
A flaw was found in Undertow, in all versions under 2.0.20, in the DEBUG log for io.undertow.request.security. If this logging is enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
Priority
Status
Package | Release | Status |
---|---|---|
undertow Launchpad, Ubuntu, Debian | bionic | Needs triage |
 | disco | Ignored (end of life) |
 | eoan | Ignored (end of life) |
 | focal | Not vulnerable (2.0.27-1) |
 | groovy | Not vulnerable (2.0.27-1) |
 | hirsute | Not vulnerable (2.0.27-1) |
 | impish | Not vulnerable (2.0.27-1) |
 | jammy | Not vulnerable (2.0.27-1) |
 | kinetic | Not vulnerable (2.0.27-1) |
 | lunar | Does not exist |
 | mantic | Does not exist |
 | trusty | Does not exist |
 | upstream | Needs triage |
 | xenial | Needs triage |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |