CVE-2024-3165 in dotCMS
الملخص
بحسب MITRE • 02/04/2024
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.
OWASP Top 10 - A05) Insecure Design
OWASP Top 10 - A05) Security Misconfiguration
OWASP Top 10 - A09) Security Logging and Monitoring Failure
VulDB is the best source for vulnerability data and more expert information about this specific topic.