Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.
Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.
The product writes sensitive information to a log file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 9.0.13 (including) | 9.0.117 (excluding) |
| Tomcat | Apache | 10.1.0 (including) | 10.1.54 (excluding) |
| Tomcat | Apache | 11.0.0 (including) | 11.0.21 (excluding) |
| Red Hat JBoss Web Server 6.2.3 | RedHat | tomcat | * |
| Red Hat JBoss Web Server 6.2 on RHEL 10 | RedHat | jws6-tomcat-0:10.1.49-13.redhat_00011.1.el10jws | * |
| Red Hat JBoss Web Server 6.2 on RHEL 8 | RedHat | jws6-tomcat-0:10.1.49-13.redhat_00011.1.el8jws | * |
| Red Hat JBoss Web Server 6.2 on RHEL 9 | RedHat | jws6-tomcat-0:10.1.49-13.redhat_00011.1.el9jws | * |
| Tomcat10 | Ubuntu | esm-apps/noble | * |
| Tomcat10 | Ubuntu | esm-apps/resolute | * |
| Tomcat10 | Ubuntu | noble | * |
| Tomcat10 | Ubuntu | questing | * |
| Tomcat10 | Ubuntu | resolute | * |
| Tomcat10 | Ubuntu | upstream | * |
| Tomcat11 | Ubuntu | esm-apps/resolute | * |
| Tomcat11 | Ubuntu | questing | * |
| Tomcat11 | Ubuntu | resolute | * |
| Tomcat11 | Ubuntu | upstream | * |
| Tomcat6 | Ubuntu | esm-apps/xenial | * |
| Tomcat6 | Ubuntu | upstream | * |
| Tomcat7 | Ubuntu | esm-apps/xenial | * |
| Tomcat7 | Ubuntu | upstream | * |
| Tomcat8 | Ubuntu | esm-infra/xenial | * |
| Tomcat8 | Ubuntu | upstream | * |
| Tomcat9 | Ubuntu | esm-apps/bionic | * |
| Tomcat9 | Ubuntu | esm-apps/focal | * |
| Tomcat9 | Ubuntu | esm-apps/jammy | * |
| Tomcat9 | Ubuntu | esm-apps/noble | * |
| Tomcat9 | Ubuntu | esm-apps/resolute | * |
| Tomcat9 | Ubuntu | jammy | * |
| Tomcat9 | Ubuntu | noble | * |
| Tomcat9 | Ubuntu | questing | * |
| Tomcat9 | Ubuntu | resolute | * |
| Tomcat9 | Ubuntu | upstream | * |