Vulnerability	Vulnerable Version
M Insertion of Sensitive Information into Log File Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of Kubernetes bearer tokens being printed in logs of the cloud membership for clustering module. How to fix Insertion of Sensitive Information into Log File? Upgrade `org.apache.tomcat:tomcat-tribes` to version 9.0.117, 10.1.54, 11.0.21 or higher.	[9.0.13,9.0.117)[10.1.0-M1,10.1.54)[11.0.0-M1,11.0.21)
H Use of a Broken or Risky Cryptographic Algorithm Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the `EncryptInterceptor` class, which defaults to CBC mode. An attacker can obtain sensitive information via padding oracle. How to fix Use of a Broken or Risky Cryptographic Algorithm? Upgrade `org.apache.tomcat:tomcat-tribes` to version 9.0.116, 10.1.53, 11.0.20 or higher.	[9.0.13,9.0.116)[10.1.50,10.1.53)[11.0.0-M1,11.0.20)

Insertion of Sensitive Information into Log File

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of Kubernetes bearer tokens being printed in logs of the cloud membership for clustering module.

How to fix Insertion of Sensitive Information into Log File?

Upgrade org.apache.tomcat:tomcat-tribes to version 9.0.117, 10.1.54, 11.0.21 or higher.

[9.0.13,9.0.117)[10.1.0-M1,10.1.54)[11.0.0-M1,11.0.21)

Use of a Broken or Risky Cryptographic Algorithm

Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the EncryptInterceptor class, which defaults to CBC mode. An attacker can obtain sensitive information via padding oracle.

How to fix Use of a Broken or Risky Cryptographic Algorithm?

Upgrade org.apache.tomcat:tomcat-tribes to version 9.0.116, 10.1.53, 11.0.20 or higher.

[9.0.13,9.0.116)[10.1.50,10.1.53)[11.0.0-M1,11.0.20)

Go back to all versions of this package