CVE-2020-10750 HIGH

CVE-2020-10750

Vendor The Jager Project
Product jaegertracing/jaeger
Weakness CWE-532 · Sensitive info in logs
Published June 19, 2020
Last update August 4, 2024

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.

Key dates

02Disclosure timeline

June 19, 2020 CVE published
August 4, 2024 Record updated