Openshift Application Runtimes Security Vulnerabilities and Issues — Openshift Application Runtimes CVE List

Lucene search

RedhatOpenshift Application Runtimes

3 matches found

CVE•added 2019/06/12 2:29 p.m.•321 views

CVE-2019-3888

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)

9.8CVSS9.1AI score0.00569EPSS

CVE•added 2019/10/02 7:15 p.m.•191 views

CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

9.8CVSS9AI score0.0029EPSS

CVE•added 2020/03/16 3:15 p.m.•115 views

CVE-2019-14887

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. Thi...

9.1CVSS8.7AI score0.00177EPSS