CVE-2021-34797
Apache Geode project log file redaction of sensitive information vulnerability
Descriptions
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.
Timeline
- 2021-06-15 CVE Reserved
- 2022-01-04 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-19 EPSS Updated
CWE
- CWE-532: Insertion of Sensitive Information into Log File
References (2)
URL | Date | SRC |
---|---|---|
https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4 | 2022-01-12 | |
https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk | 2022-01-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Geode | <= 1.12.4 | - | Affected |
Apache | Geode | >= 1.13.0 <= 1.13.4 | - | Affected |