What is CVE-2019-10212?

CVE-2019-10212 is a medium-severity vulnerability in Redhat Undertow, classified under Insertion of Sensitive Information into Log File. CVSS score: 4.8/10. Published 2019-10-02.

How severe is CVE-2019-10212?

Medium severity. CVSS v3 base score is 4.8 out of 10.

Information disclosure in Redhat Undertow

CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

EPSS: 0.004 (63.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N.

Affected products

Redhat Undertow — versions all under 2.0.20

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
RHSA-2019:2998 (vendor-advisory, x_refsource_REDHAT)
RHSA-2020:0727 (vendor-advisory, x_refsource_REDHAT)
security.netapp.com/advisory/ntap-20220210-0017/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-10212?: CVE-2019-10212 is a medium-severity vulnerability in Redhat Undertow, classified under Insertion of Sensitive Information into Log File. CVSS score: 4.8/10. Published 2019-10-02.
How severe is CVE-2019-10212?: Medium severity. CVSS v3 base score is 4.8 out of 10.