BIT-tomcat-2026-34487

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2026-34487.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-tomcat-2026-34487

Aliases

CVE-2026-34487
GHSA-x4m4-345f-5h5g

Published

2026-04-13T10:20:00.791Z

Modified

2026-04-13T12:56:21.121765811Z

Summary

Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token

Details

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.

This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.0 through 10.1.53, from 9.0.13 through 9.0.116.

Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
    ]
}

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

9.0.13

Fixed

9.0.117

Introduced

10.1.0

Fixed

10.1.54

Introduced

11.0.0

Fixed

11.0.21

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2026-34487.json"