CVE-2023-0815 – org.opennms:opennms

Package

Manager: maven
Name: org.opennms:opennms
Vulnerable Version: >=0 <31.0.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00215 pctl0.44069

Details

OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug.

Metadata

Created: 2023-02-23T15:33:05Z
Modified: 2023-03-08T15:29:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-9xpj-mvp2-3943/GHSA-9xpj-mvp2-3943.json
CWE IDs: ["CWE-532"]
Alternative ID: GHSA-9xpj-mvp2-3943
Finding: F091
Auto approve: 1