Information Exposure in jaeger
Moderate severity
GitHub Reviewed
Published
May 18, 2021
to the GitHub Advisory Database
•
Updated Sep 15, 2023
Package
Affected versions
< 1.18.1
Patched versions
1.18.1
Description
Reviewed
May 12, 2021
Published to the GitHub Advisory Database
May 18, 2021
Last updated
Sep 15, 2023
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
References