CVE-2024-9621

Source
https://cve.org/CVERecord?id=CVE-2024-9621
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9621.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-9621
Aliases
Published
2024-10-08T16:26:09.155Z
Modified
2026-07-08T07:57:54.311966155Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
Details

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9621.json",
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-532"
    ]
}
References

Affected packages

Git / github.com/quarkiverse/quarkus-cxf

Affected ranges

Type
GIT
Repo
https://github.com/quarkiverse/quarkus-cxf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.15.2"
        }
    ]
}

Affected versions

0.*
0.1
0.1.0
0.1.1
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.14.0
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.5.0.CR1
1.5.3
1.5.4
1.5.5
1.5.6
1.6.0
1.7.0
1.7.1
1.7.2
1.7.3
2.*
2.0.0
2.0.0.Alpha1
2.0.0.Alpha2
2.0.0.Alpha3
2.0.0.Alpha4
2.0.0.Alpha5
2.0.0.Alpha6
2.0.0.Alpha7
2.0.0.CR1
2.0.1
2.0.2
2.0.3
2.0.4
2.1.0
2.2.0
2.2.0.CR1
2.2.1
2.2.2
2.3.0
2.3.1
2.4.0
2.5.0
2.6.0
2.6.1
2.7.0
2.7.0.CR1
2.7.0.CR2
2.7.1
3.*
3.10.0
3.10.0.CR1
3.11.0
3.11.1
3.12.0
3.12.0.CR1
3.13.0
3.13.1
3.14.0
3.15.0
3.15.1
3.8.0
3.8.1
3.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9621.json"