CVE-2023-0815

Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:opennms:horizon:*:*:*:*:*:*:*:*
cpe:2.3:a:opennms:meridian:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:37

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 6.8
References () https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13 - Release Notes () https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13 - Release Notes
References () https://github.com/OpenNMS/opennms/pull/5741/files - Patch, Vendor Advisory () https://github.com/OpenNMS/opennms/pull/5741/files - Patch, Vendor Advisory

07 Nov 2023, 04:01

Type Values Removed Values Added
Summary Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

Information

Published : 2023-02-23 15:15

Updated : 2024-11-21 07:37


NVD link : CVE-2023-0815

Mitre link : CVE-2023-0815

CVE.ORG link : CVE-2023-0815


JSON object : View

Products Affected

opennms

  • meridian
  • horizon
CWE
CWE-532

Insertion of Sensitive Information into Log File