CVE-2021-34797: Apache Geode project log file redaction of sensitive information vulnerability
First published: Tue Jan 04 2022(Updated: )
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Geode | <=1.12.4 | |
| Apache Geode | >=1.13.0<=1.13.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
CVE-2021-34797
What is the severity level of CVE-2021-34797?
The severity level of CVE-2021-34797 is high with a severity value of 7.5.
Which versions of Apache Geode are affected by CVE-2021-34797?
Apache Geode versions up to 1.12.4 and 1.13.4 are affected by CVE-2021-34797.
What is the impact of CVE-2021-34797?
CVE-2021-34797 allows for log file redaction of sensitive information when using certain values for passwords and security properties.
Are there any fixes available for CVE-2021-34797?
At the time of writing, there are no official fixes available for CVE-2021-34797. It is recommended to stay updated with the latest security patches and follow best practices to mitigate the risk.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache geode
- version/apache geode/1.12.4
- version/apache geode/1.13.0
- version/apache geode/1.13.4