Apache ActiveMQ Artemis Sensitive Information Logging Vulnerability

Vulnerability

A vulnerability allowing the unintentional logging of sensitive information has been identified in Apache ActiveMQ Artemis versions from 1.5.1 up to, but not including, 2.40.0. When the logger for 'org.apache.activemq.artemis.core.config.impl.ConfigurationImpl' is set to debug level, all broker property values are recorded in the log. This issue can be mitigated by limiting log access to trusted users.

Impact

Sensitive information, potentially including passwords, is exposed in log files.

Remediation

Users are advised to upgrade to Apache ActiveMQ Artemis version 2.40.0 or later, which addresses this vulnerability. Additionally, log access should be restricted to trusted users.
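To find brokers where the condition described above is active, the following added example (not part of the original advisory or of the Artemis project) computes the level that applies to the affected logger. It assumes logging is configured through a Log4j 2 properties file and uses a simplified parser; the function names and the sample configurations are constructed for illustration.

```python
TARGET = "org.apache.activemq.artemis.core.config.impl.ConfigurationImpl"
VERBOSE = {"DEBUG", "TRACE", "ALL"}  # levels at which debug messages are written

def parse_properties(text):
    """Simplified key=value parser (assumption: no continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def effective_level(text, target=TARGET):
    """Return (level, logger_name) of the nearest configured ancestor of target."""
    props = parse_properties(text)
    # Root level: "rootLogger.level = X" or shorthand "rootLogger = X, appender".
    # Log4j 2 falls back to ERROR when no root level is configured.
    root = props.get("rootLogger.level") or props.get("rootLogger") or "ERROR"
    best_name, best_level = "", root.split(",")[0].strip().upper()
    for key, name in props.items():
        if not (key.startswith("logger.") and key.endswith(".name")):
            continue
        ident = key[len("logger."):-len(".name")]
        raw = props.get(f"logger.{ident}.level") or props.get(f"logger.{ident}") or ""
        level = raw.split(",")[0].strip().upper()
        # Logger names are hierarchical: the longest matching prefix wins.
        applies = target == name or target.startswith(name + ".")
        if level and applies and len(name) > len(best_name):
            best_name, best_level = name, level
    return best_level, best_name or "root"

def is_exposed(text):
    """True when the affected logger would emit debug-level messages."""
    return effective_level(text)[0] in VERBOSE

# Constructed sample configurations (not taken from a real broker).
RISKY = """rootLogger = INFO, console
logger.cfg.name = org.apache.activemq.artemis.core.config.impl.ConfigurationImpl
logger.cfg.level = DEBUG
"""
INHERITED = """rootLogger.level = INFO
logger.core.name = org.apache.activemq.artemis.core
logger.core.level = debug
"""
SAFE = """rootLogger = INFO, console
logger.activemq.name = org.apache.activemq
logger.activemq.level = INFO
"""

if __name__ == "__main__":
    for label, cfg in (("risky", RISKY), ("inherited", INHERITED), ("safe", SAFE)):
        print(label, effective_level(cfg), "EXPOSED" if is_exposed(cfg) else "ok")
```

A debug setting on any parent package, or on the root logger, reaches the affected logger too, which is why the check resolves the logger hierarchy instead of searching for the class name alone.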

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 6.6
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.