System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.
OWASP Top 10 - A05) Insecure Design
OWASP Top 10 - A05) Security Misconfiguration
OWASP Top 10 - A09) Security Logging and Monitoring Failure
References
Configurations
No configuration.
History
02 Apr 2024, 12:50
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Apr 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-01 22:15
Updated : 2024-04-02 12:50
NVD link : CVE-2024-3165
Mitre link : CVE-2024-3165
CVE.ORG link : CVE-2024-3165
JSON object : View
Products Affected
No product.
CWE
CWE-522
Insufficiently Protected Credentials