Advisories for Maven/Com.erudika/Para-Server package

CWE ID: CWE-532 (Insertion of Sensitive Information into Log File) CVSS: 6.2 (Medium) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Component: Facebook Authentication Logging Version: Para v1.50.6 File Path: para-1.50.6/para-server/src/main/java/com/erudika/para/server/security/filters/FacebookAuthFilter.java Vulnerable Line(s): Line 184 (logger.warn(…) with raw access token) Technical Details: The vulnerability is located in FacebookAuthFilter.java, where a failed request to Facebook’s user profile endpoint triggers the following log statement: logger.warn("Facebook auth request failed: GET " + PROFILE_URL + accessToken, e);`

CWE ID: CWE-532 (Insertion of Sensitive Information into Log File) CVSS: 7.5 (High) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Component: Para Server Initialization Logging Version: Para v1.50.6 File Path: para-1.50.6/para-server/src/main/java/com/erudika/para/server/utils/HealthUtils.java Vulnerable Line(s): Line 132 (via logger.info(…) with root credentials) Technical Details: The vulnerability is located in the HealthUtils.java file, where a failed configuration file write triggers the following logging statement: logger.info("Initialized root app with access key '{}' and secret '{}', but could not …

CWE ID: CWE-532 (Insertion of Sensitive Information into Log File) CVSS: 7.5 (High) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Component: Para Server Initialization Logging Version: Para v1.50.6 File Path: para-1.50.6/para-server/src/main/java/com/erudika/para/server/utils/HealthUtils.java Vulnerable Line(s): Line 132 (via logger.info(…) with root credentials) Technical Details: The vulnerability is located in the HealthUtils.java file, where a failed configuration file write triggers the following logging statement: logger.info("Initialized root app with access key '{}' and secret '{}', but could not …