CVE-2020-10750 – jaegertracing/jaeger: credentials leaked to container logs

https://notcve.org/view.php?id=CVE-2020-10750

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials. Una información confidencial escrita en una vulnerabilidad de archivo de registro se encontró en jaegertracing/jaeger versiones anteriores a 1.18.1, cuando el almacén de datos de Kafka es usado. Este fallo permite a un atacante con acceso al archivo de registro del contenedor detecte las credenciales de Kafka An information disclosure vulnerability was found in jaegertracing/jaeger. When the Kafka data store is used, this flaw allows an attacker with access to the container's log file to discover the Kafka credentials. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750 https://github.com/jaegertracing/jaeger/releases/tag/v1.18.1 https://access.redhat.com/security/cve/CVE-2020-10750 https://bugzilla.redhat.com/show_bug.cgi?id=1838401 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •