Lucene search

[email protected]NVD:CVE-2020-10750

HistoryJun 19, 2020 - 8:15 p.m.

CVE-2020-10750

2020-06-1920:15:12

CWE-532

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container’s log file to discover the Kafka credentials.

Affected configurations

Nvd

Node

linuxfoundationjaegerRange<1.18.1

VendorProductVersionCPE
linuxfoundationjaeger*cpe:2.3:a:linuxfoundation:jaeger:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linuxfoundation	jaeger	*	cpe:2.3:a:linuxfoundation:jaeger::::::::

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750

github.com/jaegertracing/jaeger/releases/tag/v1.18.1

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-10750

cvelist1 redhatcve1 osv5 cve1 prion1 veracode1 github1 nessus1 photon1