A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log.
History

Fri, 06 Dec 2024 09:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:camel_quarkus:3 cpe:/a:redhat:camel_quarkus:3.8
References

Tue, 08 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 16:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log.
Title io.quarkiverse.cxf:quarkus-cxf: Quarkus CXF may log user password and secret to application log Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
First Time appeared Redhat
Redhat camel Quarkus
CPEs cpe:/a:redhat:camel_quarkus:3
Vendors & Products Redhat
Redhat camel Quarkus
References

Tue, 08 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title io.quarkiverse.cxf:quarkus-cxf: Quarkus CXF may log user password and secret to application log
Weaknesses CWE-532
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-10-08T16:26:09.155Z

Updated: 2024-12-06T09:43:40.449Z

Reserved: 2024-10-08T01:08:43.306Z

Link: CVE-2024-9621

cve-icon Vulnrichment

Updated: 2024-10-08T17:42:11.393Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-08T17:15:57.573

Modified: 2024-12-06T10:15:06.327

Link: CVE-2024-9621

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-08T00:00:00Z

Links: CVE-2024-9621 - Bugzilla