Back to search
CVE-2021-34797
Published: Jan 4, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Geode | affected Apache Geode - <= 1.12.4 |
Weaknesses (CWE)
References
https://lists.apache.org/thread/p4l0g49rzzzpn8yt9q9p0xp52h3zmsmk
x_refsource_MISC
https://lists.apache.org/thread/nq2w9gjzm1cjx1rh6zw41ty39qw7qpx4
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now