CGA-r3m6-j9rf-6qrg

Published

Last updated

https://images.chainguard.dev/security/CGA-r3m6-j9rf-6qrg

Package

jaeger-agent

Latest Update

Not affected

Aliases

CVE-2020-10750
GHSA-gh32-pc56-4c96

Severity

5.5

Medium

CVSS V3

Summary

Information Exposure in jaeger

Description

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-10750
https://github.com/advisories/GHSA-gh32-pc56-4c96
https://github.com/jaegertracing/jaeger/commit/360c38bec3f9718ebba7ddbf0b409b05995f3ace
https://bugzilla.redhat.com/show_bug.cgi?id=1838401
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750
https://github.com/jaegertracing/jaeger/releases/tag/v1.18.1

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-r3m6-j9rf-6qrg

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources