Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05eHBqLW12cDItMzk0M84AAxyJ
OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug.
Permalink: https://github.com/advisories/GHSA-9xpj-mvp2-3943
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05eHBqLW12cDItMzk0M84AAxyJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-9xpj-mvp2-3943, CVE-2023-0815
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-0815
- https://github.com/OpenNMS/opennms/pull/5741/files
- https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13
- https://github.com/OpenNMS/opennms/releases/tag/opennms-31.0.4-1
- https://github.com/advisories/GHSA-9xpj-mvp2-3943
Blast Radius: 1.0
Affected Packages
maven:org.opennms:opennms
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 31.0.4
Fixed in: 31.0.4
All affected versions: 31.0.3
All unaffected versions: