A flaw was found in keycloack. A logged exception in the HttpMethod class may leak password given as parameter. References: https://issues.redhat.com/browse/KEYCLOAK-12638
RHSSO 7.3.5 client adapters seem to be affected as they do ship keycloak-authz-client-4.8.15.Final-redhat-00001.jar
Marking RHDM/PAM as not affected as they do not ship this class : https://github.com/keycloak/keycloak/blob/master/authz/client/src/main/java/org/keycloak/authorization/client/util/HttpMethod.java#L106
Acknowledgments: Name: Tobias Friedrich
This issue has been addressed in the following products: Red Hat Runtimes Spring Boot 2.2.6 Via RHSA-2020:2252 https://access.redhat.com/errata/RHSA-2020:2252
This issue has been addressed in the following products: Red Hat Openshift Application Runtimes Via RHSA-2020:2905 https://access.redhat.com/errata/RHSA-2020:2905