System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.
OWASP Top 10 - A05) Insecure Design
OWASP Top 10 - A05) Security Misconfiguration
OWASP Top 10 - A09) Security Logging and Monitoring Failure
References
Link | Resource |
---|---|
https://github.com/dotCMS/core/issues/27910 | Issue Tracking |
https://github.com/dotCMS/core/pull/28006 | Issue Tracking |
https://www.dotcms.com/security/SI-70 | Broken Link |
https://github.com/dotCMS/core/issues/27910 | Issue Tracking |
https://github.com/dotCMS/core/pull/28006 | Issue Tracking |
https://www.dotcms.com/security/SI-70 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
27 Jun 2025, 14:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:dotcms:dotcms:23.10.24:2:*:*:lts:*:*:* cpe:2.3:a:dotcms:dotcms:23.10.24:3:*:*:lts:*:*:* cpe:2.3:a:dotcms:dotcms:23.10.24:1:*:*:lts:*:*:* cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:* cpe:2.3:a:dotcms:dotcms:23.10.24:6:*:*:lts:*:*:* cpe:2.3:a:dotcms:dotcms:23.10.24:4:*:*:lts:*:*:* cpe:2.3:a:dotcms:dotcms:23.10.24:7:*:*:lts:*:*:* cpe:2.3:a:dotcms:dotcms:23.10.24:5:*:*:lts:*:*:* |
|
References | () https://github.com/dotCMS/core/issues/27910 - Issue Tracking | |
References | () https://github.com/dotCMS/core/pull/28006 - Issue Tracking | |
References | () https://www.dotcms.com/security/SI-70 - Broken Link | |
First Time |
Dotcms dotcms
Dotcms |
21 Nov 2024, 09:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/dotCMS/core/issues/27910 - | |
References | () https://github.com/dotCMS/core/pull/28006 - | |
References | () https://www.dotcms.com/security/SI-70 - |
30 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-532 |
26 Jul 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
25 Jul 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05) Insecure Design OWASP Top 10 - A05) Security Misconfiguration OWASP Top 10 - A09) Security Logging and Monitoring Failure | |
References |
|
|
02 Apr 2024, 12:50
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Apr 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-01 22:15
Updated : 2025-06-27 14:06
NVD link : CVE-2024-3165
Mitre link : CVE-2024-3165
CVE.ORG link : CVE-2024-3165
JSON object : View
Products Affected
dotcms
- dotcms
CWE
CWE-532
Insertion of Sensitive Information into Log File