CVE-2019-3888: Information Exposure

June 12, 2019 (updated July 5, 2019)

An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange).

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
nvd.nist.gov/vuln/detail/CVE-2019-3888

Code Behaviors & Features

Detect and mitigate CVE-2019-3888 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →