CVE-2024-3165

Source
https://cve.org/CVERecord?id=CVE-2024-3165
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3165.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-3165
Published
2024-04-01T22:15:23.080Z
Modified
2026-04-10T05:12:31.262181Z
Severity
  • 4.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Summary
[none]
Details

The System -> Maintenance -> Log Files page in the dotCMS dashboard exposes the username and password used for database connections in the log output. This is nevertheless a moderate issue, since viewing the page requires a backend admin account and databases are normally locked down per environment.

OWASP Top 10 - A05) Insecure Design

OWASP Top 10 - A05) Security Misconfiguration

OWASP Top 10 - A09) Security Logging and Monitoring Failure

References

Affected packages

Git / github.com/dotcms/core

Affected ranges

Type
GIT
Repo
https://github.com/dotcms/core
Events
  • Introduced / Fixed
  • Introduced / Fixed
  • Introduced / Last affected
  • Introduced: 0 (Unknown introduced commit / All previous commits are affected) / Last affected
  • Introduced: 0 (Unknown introduced commit / All previous commits are affected) / Last affected
  • Introduced: 0 (Unknown introduced commit / All previous commits are affected) / Last affected
  • Introduced: 0 (Unknown introduced commit / All previous commits are affected) / Last affected
  • Introduced: 0 (Unknown introduced commit / All previous commits are affected) / Last affected
  • Introduced: 0 (Unknown introduced commit / All previous commits are affected) / Last affected
  • Introduced: 0 (Unknown introduced commit / All previous commits are affected) / Last affected
Database specific
{
    "versions": [
        {
            "introduced": "22.02"
        },
        {
            "fixed": "22.03.15"
        },
        {
            "introduced": "23.01"
        },
        {
            "fixed": "23.01.15"
        },
        {
            "introduced": "23.02"
        },
        {
            "last_affected": "23.09.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "23.10.24-1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "23.10.24-2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "23.10.24-3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "23.10.24-4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "23.10.24-5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "23.10.24-6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "23.10.24-7"
        }
    ]
}

Affected versions

22.*
22.10.1
3.*
3.0
3.5
3.5_Preview01
3.5_Preview02
3.6.0
pre-release.*
pre-release.07.13.23
pre3.*
pre3.5buildrevert
v22.*
v22.03
v22.03.1
v22.03.10
v22.03.11
v22.03.12
v22.03.13
v22.03.14
v22.03.2
v22.03.3
v22.03.4
v22.03.5
v22.03.6
v22.03.7
v22.03.8
v22.03.9
v23.*
v23.01
v23.01.1
v23.01.10
v23.01.11
v23.01.12
v23.01.13
v23.01.14
v23.01.2
v23.01.3
v23.01.4
v23.01.5
v23.01.6
v23.01.7
v23.01.8
v23.01.9
v23.09-pre
v23.09.7
v23.10.24
v23.10.24_lts_v1
v23.10.24_lts_v2
v23.10.24_lts_v3
v23.10.24_lts_v4
v23.10.24_lts_v5
v23.10.24_lts_v6
v23.10.24_lts_v7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3165.json"