GHSA-gh32-pc56-4c96

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-gh32-pc56-4c96/GHSA-gh32-pc56-4c96.json

Aliases

CVE-2020-10750

Published

2021-05-18T18:35:02Z

Modified

2023-09-15T19:47:45Z

Details

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-10750
https://github.com/jaegertracing/jaeger/commit/360c38bec3f9718ebba7ddbf0b409b05995f3ace
https://bugzilla.redhat.com/show_bug.cgi?id=1838401
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750
https://github.com/jaegertracing/jaeger/releases/tag/v1.18.1

Affected packages

Go / github.com/jaegertracing/jaeger

Source Details

Package Name: github.com/jaegertracing/jaeger

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.18.1

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}