GHSA-9xpj-mvp2-3943
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9xpj-mvp2-3943
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-9xpj-mvp2-3943/GHSA-9xpj-mvp2-3943.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9xpj-mvp2-3943
- Aliases
- Published
- 2023-02-23T15:33:05Z
- Modified
- 2023-11-08T04:11:12.077112Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability
- Details
-
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug.
- Database specific
{ "nvd_published_at": "2023-02-23T15:15:00Z", "github_reviewed_at": "2023-02-28T23:28:09Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-532" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-0815
- https://github.com/OpenNMS/opennms/pull/5741/files
- https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13
- https://github.com/OpenNMS/opennms
- https://github.com/OpenNMS/opennms/releases/tag/opennms-31.0.4-1
Affected packages
Maven / org.opennms:opennms
Package
- Name
- org.opennms:opennms
- View open source insights on deps.dev
- Purl
- pkg:maven/org.opennms/opennms