Vulnerability Description
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Jaeger | < 1.18.1 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750Issue TrackingPatchThird Party Advisory
- https://github.com/jaegertracing/jaeger/releases/tag/v1.18.1Release NotesThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750Issue TrackingPatchThird Party Advisory
- https://github.com/jaegertracing/jaeger/releases/tag/v1.18.1Release NotesThird Party Advisory
FAQ
What is CVE-2020-10750?
CVE-2020-10750 is a vulnerability with a CVSS score of 7.1 (HIGH). Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the con...
How severe is CVE-2020-10750?
CVE-2020-10750 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10750?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Jaeger.