System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.
OWASP Top 10 - A05) Insecure Design
OWASP Top 10 - A05) Security Misconfiguration
OWASP Top 10 - A09) Security Logging and Monitoring Failure
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: dotCMS
Published: 2024-04-01T21:38:04.085Z
Updated: 2024-08-27T15:35:24.144Z
Reserved: 2024-04-01T21:31:06.377Z
Link: CVE-2024-3165
Vulnrichment
Updated: 2024-08-01T20:05:07.539Z
NVD
Status : Awaiting Analysis
Published: 2024-04-01T22:15:23.080
Modified: 2024-07-26T14:15:02.690
Link: CVE-2024-3165
Redhat
No data.