CVE-2024-9621— Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log

CVSS 5.3 · Medium EPSS 0.10% · P27 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-9621

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过日志文件的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Quarkus CXF 日志信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Quarkus CXF是Quarkiverse开源的一个扩展。 Quarkus CXF存在日志信息泄露漏洞，该漏洞源于尽管用户将密码和其他机密配置为隐藏，但它们可能会出现在应用程序日志中。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Red Hat	Red Hat Build of Apache Camel 4.4 for Quarkus 3.8	-	`cpe:/a:redhat:camel_quarkus:3.8`

II. Public POCs for CVE-2024-9621

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-9621

请登录查看更多情报信息。

CVE-2024-9621 - Red Hat Customer Portalvdb-entryx_refsource_REDHAT
2317130 – (CVE-2024-9621) CVE-2024-9621 io.quarkiverse.cxf:quarkus-cxf: Quarkus CXF may log user password and secret to application logissue-trackingx_refsource_REDHAT
RHSA-2024:10035 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2024-9621

IV. Related Vulnerabilities

Same weakness: CWE-532

V. Comments for CVE-2024-9621

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-9621— Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log

I. Basic Information for CVE-2024-9621

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-9621

III. Intelligence Information for CVE-2024-9621

IV. Related Vulnerabilities

V. Comments for CVE-2024-9621

Leave a comment