CVE-2024-3165

Name of the Vulnerable Software and Affected Versions dotCMS (affected versions not specified)

Description The issue is related to the System->Maintenance-> Log Files in the dotCMS dashboard, which is providing the username/password for database connections in the log output. This is considered a moderate issue because it requires a backend admin and the databases are locked down by environment. The problem is associated with insecure design, security misconfiguration, and security logging and monitoring failure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.