CVE-2020-25640
Wildfly logs plaintext passwords
5.3
MEDIUM
CVSS 3.1
EPSS 0.35%
Description
A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on a connection error, writing sensitive information to the log file.
How to fix CVE-2020-25640
To remediate CVE-2020-25640, upgrade the affected package to a fixed version below.
- Bitnami/wildfly—upgrade to 21.0.0 or later
- —upgrade to 21.0.0.Final or later
Is CVE-2020-25640 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 21.0.0
- from 0, < 21.0.0.Final
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.3) | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |