CVE-2023-0815
MEDIUM6.5EPSS 0.33%OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability
發布日:2023/2/23修改日:2023/11/8
描述
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug.
受影響套件(1)
- Maven/org.opennms:opennmsfrom 0, < 31.0.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-0815
- PATCHhttps://github.com/OpenNMS/opennms
- WEBhttps://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13
- WEBhttps://github.com/OpenNMS/opennms/pull/5741/files
- WEBhttps://github.com/OpenNMS/opennms/releases/tag/opennms-31.0.4-1