CVE-2020-10750
Information Exposure in jaeger in github.com/jaegertracing/jaeger
5.5
MEDIUM
CVSS 3.1
EPSS 0.06%
Description
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
How to fix CVE-2020-10750
To remediate CVE-2020-10750, upgrade the affected package to a fixed version below.
- —upgrade to 1.18.1 or later
- —upgrade to 1.18.1 or later
- —upgrade to 1.18.1 or later
Is CVE-2020-10750 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.18.1
- from 0, < 1.18.1
- from 0, < 1.18.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |