Undertow DEBUG log for io.undertow.request.security if enabled leaks credentials to log files with legacy security set.
Mitigation: Use Elytron instead of legacy Security subsystem.
This vulnerability is out of security support scope for the following product: * Red Hat Enterprise Application Platform 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Statement: All the Red Hat products using the undertow-core jar version 2.0.20 or before are affected.
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 Via RHSA-2019:2937 https://access.redhat.com/errata/RHSA-2019:2937
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 Via RHSA-2019:2935 https://access.redhat.com/errata/RHSA-2019:2935
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 Via RHSA-2019:2936 https://access.redhat.com/errata/RHSA-2019:2936
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2019:2938 https://access.redhat.com/errata/RHSA-2019:2938
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10212
This issue has been addressed in the following products: Red Hat Openshift Application Runtimes Via RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2019:2998
This issue has been addressed in the following products: Red Hat Data Grid 7.3.3 Via RHSA-2020:0727 https://access.redhat.com/errata/RHSA-2020:0727