Security Advisory

CVE-2024-3165

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-01 21:38:04

Last updated 2024-09-30 15:27:54

Assigner dotCMS

State PUBLISHED

Description

System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05) Insecure Design OWASP Top 10 - A05) Security Misconfiguration OWASP Top 10 - A09) Security Logging and Monitoring Failure

← Browse all CVEs View on cve.org ↗