CVE-2024-3165

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-3165
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3165.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-3165
Published
2024-04-01T22:15:23Z
Modified
2025-06-27T21:21:11Z
Summary
[none]
Details

The System -> Maintenance -> Log Files screen in the dotCMS dashboard exposes the username and password for database connections in the log output. Nevertheless, this is a moderate issue, as it requires a backend admin and the databases are locked down by environment.

OWASP Top 10 - A05) Insecure Design

OWASP Top 10 - A05) Security Misconfiguration

OWASP Top 10 - A09) Security Logging and Monitoring Failure

References

Affected packages

Git / github.com/dotcms/core

Affected ranges

Type
GIT
Repo
https://github.com/dotcms/core
Events