vulnerability
Red Hat JBossEAP: Insertion of Sensitive Information into Log File (CVE-2025-27391)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | 04/09/2025 | 04/11/2025 | 04/13/2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
04/09/2025
Added
04/11/2025
Modified
04/13/2025
Description
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled.
This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users.
Users are recommended to upgrade to version 2.40.0, which fixes the issue.. A flaw was found in Apache ActiveMQ Artemis. This vulnerability allows an attacker with access to debug logs to obtain sensitive configuration information via debug-level logging of broker properties.
This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users.
Users are recommended to upgrade to version 2.40.0, which fixes the issue.. A flaw was found in Apache ActiveMQ Artemis. This vulnerability allows an attacker with access to debug logs to obtain sensitive configuration information via debug-level logging of broker properties.
Solution
red-hat-jboss-eap-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.