Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 03 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 02 Jul 2026 04:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Opentelemetry
Opentelemetry opentelemetry-java-instrumentation |
|
| Vendors & Products |
Opentelemetry
Opentelemetry opentelemetry-java-instrumentation |
Wed, 01 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text database passwords can be added to trace span attributes and exported to observability backends. This issue has been fixed in version 2.28.0. | |
| Title | OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords | |
| Weaknesses | CWE-532 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-02T12:23:50.336Z
Reserved: 2026-06-15T22:58:06.563Z
Link: CVE-2026-54704
Updated: 2026-07-02T12:23:47.315Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T14:15:03Z