HIGH 7.5

GHSA-x4m4-345f-5h5g

Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File

Details

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.

Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.


Affected packages

Package (Maven)                    Introduced in   Fixed in   Fix (pom.xml)
org.apache.tomcat:tomcat-tribes    9.0.13          9.0.117    bump <version> to 9.0.117
org.apache.tomcat:tomcat-tribes    10.1.0-M1       10.1.54    bump <version> to 10.1.54
org.apache.tomcat:tomcat-tribes    11.0.0-M1       11.0.21    bump <version> to 11.0.21
org.apache.tomcat:tomcat           9.0.13          9.0.117    bump <version> to 9.0.117
org.apache.tomcat:tomcat           10.1.0-M1       10.1.54    bump <version> to 10.1.54
org.apache.tomcat:tomcat           11.0.0-M1       11.0.21    bump <version> to 11.0.21