Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Dot CMS Insertion of Sensitive Information into Log File Vulnerability - CVE-2024-3165 - Vulnerability Database
Dot CMS

Dot CMS Insertion of Sensitive Information into Log File Vulnerability - CVE-2024-3165

Medium
Reference: CVE-2024-3165
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-3165
Title: Dot CMS Insertion of Sensitive Information into Log File Vulnerability
Overview:

System-gtMaintenance-gt Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05) Insecure Design OWASP Top 10 - A05) Security Misconfiguration OWASP Top 10 - A09) Security Logging and Monitoring Failure