CVE-2024-3165

nvd nist
Published: Apr 1, 2024
Modified: Jun 27, 2025

CVSS score: 4.5
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Exploitability: 0.9 / Impact: 3.6
Source: security@dotcms.com (Secondary)

Description

The System -> Maintenance -> Log Files view in the dotCMS dashboard exposes the username and password for database connections in the log output. Nevertheless, this is a moderate issue, as it requires a backend admin and the databases are locked down by environment.

OWASP Top 10 - A05) Insecure Design
OWASP Top 10 - A05) Security Misconfiguration
OWASP Top 10 - A09) Security Logging and Monitoring Failure

Affected (10)

Products: Dotcms: Dotcms (1 product)
Configuration A (10 vulnerable)
Vulnerable Software: Dotcms
Affected Versions:
From 22.02 to 22.03.15
From 23.01 to 23.01.15
From 23.02 to 23.09.7
Version 23.10.24 1
Version 23.10.24 2
Version 23.10.24 3
Version 23.10.24 4
Version 23.10.24 5
Version 23.10.24 6
Version 23.10.24 7
