Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 by Red Hat

    CVE-2024-9621 (GCVE-0-2024-9621)

    Vulnerability from nvd – Published: 2024-10-08 16:26 – Updated: 2025-11-20 20:58
    VLAI
    Title
    Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
    Summary
    A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:10035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-9621 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2317130 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.15.2 (semver)
    Red Hat Red Hat Build of Apache Camel 4.4 for Quarkus 3.8     cpe:/a:redhat:camel_quarkus:3.8
    Create a notification for this product.
    Date Public
    2024-10-08 00:00
    Credits
    Red Hat would like to thank Rolf Thorup for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9621",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:42:02.424731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T17:42:16.041Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/quarkiverse/quarkus-cxf",
              "defaultStatus": "unaffected",
              "packageName": "quarkus-cxf",
              "versions": [
                {
                  "lessThan": "3.15.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3.8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkiverse.cxf/quarkus-cxf",
              "product": "Red Hat Build of Apache Camel 4.4 for Quarkus 3.8",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Rolf Thorup for reporting this issue."
            }
          ],
          "datePublic": "2024-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the  application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T20:58:20.093Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10035"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-9621"
            },
            {
              "name": "RHBZ#2317130",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317130"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-08T01:04:50.230Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-10-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-9621",
        "datePublished": "2024-10-08T16:26:09.155Z",
        "dateReserved": "2024-10-08T01:08:43.306Z",
        "dateUpdated": "2025-11-20T20:58:20.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9621 (GCVE-0-2024-9621)

    Vulnerability from cvelistv5 – Published: 2024-10-08 16:26 – Updated: 2025-11-20 20:58
    VLAI
    Title
    Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
    Summary
    A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:10035 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-9621 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2317130 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.15.2 (semver)
    Red Hat Red Hat Build of Apache Camel 4.4 for Quarkus 3.8     cpe:/a:redhat:camel_quarkus:3.8
    Create a notification for this product.
    Date Public
    2024-10-08 00:00
    Credits
    Red Hat would like to thank Rolf Thorup for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9621",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:42:02.424731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T17:42:16.041Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/quarkiverse/quarkus-cxf",
              "defaultStatus": "unaffected",
              "packageName": "quarkus-cxf",
              "versions": [
                {
                  "lessThan": "3.15.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:3.8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkiverse.cxf/quarkus-cxf",
              "product": "Red Hat Build of Apache Camel 4.4 for Quarkus 3.8",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Rolf Thorup for reporting this issue."
            }
          ],
          "datePublic": "2024-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the  application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T20:58:20.093Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:10035",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:10035"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-9621"
            },
            {
              "name": "RHBZ#2317130",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317130"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-08T01:04:50.230Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-10-08T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-532: Insertion of Sensitive Information into Log File"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-9621",
        "datePublished": "2024-10-08T16:26:09.155Z",
        "dateReserved": "2024-10-08T01:08:43.306Z",
        "dateUpdated": "2025-11-20T20:58:20.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }