12 matches found
EUVD-2024-3074
Malicious code in bioql PyPI...
io.quarkiverse.cxf:quarkus-cxf: Quarkus CXF may log user password and secret to application log
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
Critical: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP2)
An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available RHBQ 3.8.6.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...
Log Injection
io.quarkiverse.cxf, quarkus-cxf is vulnerable to Log Injection. The vulnerability is due to misconfiguration of logging settings, which results in passwords and other secrets being logged; specific configurations, such as enabled SOAP logging and access to application logs, allow attackers to...
io.github.project-openubl:quarkus-xsender (>=4.0.0.Beta1 <=5.1.1), io.github.project-openubl:quarkus-xsender-deployment (>=4.0.0.Beta1 <=5.1.1) +56 more potentially affected by CVE-2024-9621 via io.quarkiverse.cxf:quarkus-cxf (>=0.1 <=3.15.1)
io.quarkiverse.cxf:quarkus-cxf MAVEN version =0.1, =4.0.0.Beta1, =4.0.0.Beta1, =0.1, =1.5.0, =2.7.0, =3.10.0, =2.2.1, =1.5.0, =2.2.0, =3.10.0, =1.5.3, =1.5.5, =2.7.0, =1.5.0, =3.15.1 and more Source cves: CVE-2024-9621 Source advisory: OSV:GHSA-JQH2-...
CVE-2024-9621
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
CVE-2024-9621 Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
CVE-2024-9621 Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
CVE-2024-9621
CVE-2024-9621 concerns Quarkus CXF/quarkus-cxf where passwords and other secrets can appear in application logs despite redaction. The issue requires specific configuration (e.g., SOAP logging enabled, client/app/endpoint logging properties) and attacker must access logs. CVSSv3.1 base score 5.3 ...
CVE-2024-9621
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
io.quarkiverse.cxf:quarkus-cxf-integration-test-ws-trust (>=2.0.0 <=3.13.0), io.quarkiverse.cxf:quarkus-cxf-services-sts (>=2.0.0 <=3.13.0) +23 more potentially affected by CVE-2024-32007 via org.apache.cxf:cxf-rt-rs-security-jose (>=4.0.0 <=4.0.4)
org.apache.cxf:cxf-rt-rs-security-jose MAVEN version =4.0.0, =2.0.0, =2.0.0, =2.0.0, =4.0.0, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.11 and more Source cves: CVE-2024-32007 Source a...
io.github.project-openubl:quarkus-xsender-deployment (>=5.0.0 <=5.1.1), io.quarkiverse.cxf:quarkus-cxf-deployment (>=2.0.0 <=3.8.0) +29 more potentially affected by CVE-2024-28752 via org.apache.cxf:cxf-rt-databinding-aegis (>=4.0.0 <=4.0.3)
org.apache.cxf:cxf-rt-databinding-aegis MAVEN version =4.0.0, =5.0.0, =2.0.0, =2.7.0, =2.0.0, =2.2.0, =2.2.1, =2.0.0, =2.0.0, =2.0.0, =3.0.0-M2, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.11 and more Source cves: CVE-2024-28752 Source advisory: OSV:G...