1. Home
  2. Vulnerabilities
  3. CVE-2023-0815

CVE-2023-0815

CVSS v3.1 6.5 (Medium)
65% Progress
EPSS 0.07 % (31th)
0.07% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users
should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and
Horizon installation instructions state that they are intended for installation
within an organization's private networks and should not be directly accessible
from the Internet.

Weaknesses
CWE-532
Insertion of Sensitive Information into Log File
CVE Status
PUBLISHED
CNA
The OpenNMS Group
Published Date
2023-02-23 15:15:10
(19 months ago)
Updated Date
2023-11-07 04:01:31
(10 months ago)

Affected Products

Opennms

Configuration #1

    CPE23 From Up To
  Opennms Horizon prior 31.0.4 version cpe:2.3:a:opennms:horizon < 31.0.4
  Opennms Meridian prior 2023.1.0 version cpe:2.3:a:opennms:meridian < 2023.1.0