CVE-2019-10212 MEDIUM

Vendor Redhat
Product undertow
Weakness CWE-532 · Sensitive info in logs
Published October 2, 2019
Last update August 4, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

A flaw was found in Undertow, in all versions under 2.0.20, in the DEBUG log for io.undertow.request.security. If that logging is enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

Key dates

02 Disclosure timeline

October 2, 2019 CVE published
August 4, 2024 Record updated