geode-core is vulnerable to information disclosure. The vulnerability exists through the ArgumentRedactor() function when the values are begin with characters other than letters or numbers for passwords and security properties, its leads to expose sensitive information through log files.
github.com/apache/geode/commit/085bf34fbb32e256c0a34195a4dcf430212f291f
github.com/apache/geode/commit/592dfd32defdbb12925ec69f6e63e0140d522bf4
github.com/apache/geode/commit/b82e282b80ef27d9018509be0f2e62173a5a35d5
github.com/apache/geode/pull/6747
github.com/apache/geode/pull/6749
github.com/apache/geode/pull/6750
issues.apache.org/jira/browse/GEODE-9354
lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4
lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk