CVE-2024-3165
System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.
OWASP Top 10 - A05) Insecure Design
OWASP Top 10 - A05) Security Misconfiguration
OWASP Top 10 - A09) Security Logging and Monitoring Failure
| Software | From | Fixed in |
|---|---|---|
| dotcms / dotcms | 23.10.24-2 | 23.10.24-2.x |
| dotcms / dotcms | 23.10.24-3 | 23.10.24-3.x |
| dotcms / dotcms | 23.10.24-4 | 23.10.24-4.x |
| dotcms / dotcms | 23.10.24-5 | 23.10.24-5.x |
| dotcms / dotcms | 23.10.24-6 | 23.10.24-6.x |
| dotcms / dotcms | 23.10.24-7 | 23.10.24-7.x |
| dotcms / dotcms | 23.10.24-1 | 23.10.24-1.x |
| dotcms / dotcms | 22.02 | 22.03.15 |
| dotcms / dotcms | 23.01 | 23.01.15 |
| dotcms / dotcms | 23.02 | 23.09.7.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime