{"id":"CVE-2023-0815","details":"Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users\nshould upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and\nHorizon installation instructions state that they are intended for installation\nwithin an organization's private networks and should not be directly accessible\nfrom the Internet.\n\n\n\n\n\n\n","aliases":["GHSA-9xpj-mvp2-3943"],"modified":"2026-02-13T02:37:15.010792Z","published":"2023-02-23T15:15:10.897Z","references":[{"type":"ADVISORY","url":"https://docs.opennms.com/meridian/2022/releasenotes/changelog.html#releasenotes-changelog-Meridian-2022.1.13"},{"type":"ADVISORY","url":"https://github.com/OpenNMS/opennms/pull/5741/files"},{"type":"FIX","url":"https://github.com/OpenNMS/opennms/pull/5741/files"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opennms/opennms","events":[{"introduced":"0"},{"fixed":"9feb41d9ff697443b9b77bdcfa8e618b1350ed76"}]}],"versions":["meridian-foundation-2015.1.0-1","meridian-foundation-2015.1.1-1","meridian-foundation-2015.1.10-1","meridian-foundation-2015.1.2-1","meridian-foundation-2015.1.3-1","meridian-foundation-2015.1.4-1","meridian-foundation-2015.1.5-1","meridian-foundation-2015.1.6-1","meridian-foundation-2015.1.7-1","meridian-foundation-2016.1.1-1","meridian-foundation-2016.1.10-1","meridian-foundation-2016.1.15-1","meridian-foundation-2016.1.2-1","meridian-foundation-2016.1.3-1","meridian-foundation-2016.1.4-1","meridian-foundation-2016.1.5-1","meridian-foundation-2016.1.6-1","meridian-foundation-2016.1.7-1","meridian-foundation-2016.1.9-1","meridian-foundation-2017.1.0-1","meridian-foundation-2017.1.10-1","meridian-foundation-2017.1.2-1","meridian-foundation-2017.1.3-1","meridian-foundation-2017.1.4-1","meridian-foundation-2017.1.5-1","meridian-foundation-2018.1.30-1","meridian-foundation-2018.1.31-1","meridian-foundation-2019.1.21-1","meridian-foundation-2019.1.22-1","meridian-foundation-2019.1.23-1","meridian-foundation-2019.1.24-1","meridian-foundation-2019.1.25-1","meridian-foundation-2019.1.26-1","meridian-foundation-2019.1.27-1","meridian-foundation-2019.1.28-1","meridian-foundation-2019.1.29-1","meridian-foundation-2019.1.30-1","meridian-foundation-2019.1.31-1","meridian-foundation-2019.1.32-1","meridian-foundation-2019.1.33-1","meridian-foundation-2019.1.34-1","meridian-foundation-2019.1.35-1","meridian-foundation-2019.1.36-1","meridian-foundation-2019.1.37-1","meridian-foundation-2019.1.38-1","meridian-foundation-2019.1.39-1","meridian-foundation-2019.1.40-1","meridian-foundation-2020.1.10-1","meridian-foundation-2020.1.11-1","meridian-foundation-2020.1.12-1","meridian-foundation-2020.1.13-1","meridian-foundation-2020.1.14-1","meridian-foundation-2020.1.15-1","meridian-foundation-2020.1.16-1","meridian-foundation-2020.1.17-1","meridian-foundation-2020.1.18-1","meridian-foundation-2020.1.19-1","meridian-foundation-2020.1.20-1","meridian-foundation-2020.1.21-1","meridian-foundation-2020.1.22-1","meridian-foundation-2020.1.23-1","meridian-foundation-2020.1.24-1","meridian-foundation-2020.1.25-1","meridian-foundation-2020.1.26-1","meridian-foundation-2020.1.27-1","meridian-foundation-2020.1.28-1","meridian-foundation-2020.1.29-1","meridian-foundation-2020.1.30-1","meridian-foundation-2020.1.31-1","meridian-foundation-2020.1.32-1","meridian-foundation-2021.1.10-1","meridian-foundation-2021.1.11-1","meridian-foundation-2021.1.12-1","meridian-foundation-2021.1.14-1","meridian-foundation-2021.1.15-1","meridian-foundation-2021.1.16-1","meridian-foundation-2021.1.17-1","meridian-foundation-2021.1.18-1","meridian-foundation-2021.1.19-1","meridian-foundation-2021.1.2-1","meridian-foundation-2021.1.20-1","meridian-foundation-2021.1.21-1","meridian-foundation-2021.1.22-1","meridian-foundation-2021.1.23-1","meridian-foundation-2021.1.24-1","meridian-foundation-2021.1.3-1","meridian-foundation-2021.1.4-1","meridian-foundation-2021.1.5-1","meridian-foundation-2021.1.6-1","meridian-foundation-2021.1.7-1","meridian-foundation-2021.1.8-1","meridian-foundation-2021.1.9-1","meridian-foundation-2022.1.0-1","meridian-foundation-2022.1.1-1","meridian-foundation-2022.1.10-1","meridian-foundation-2022.1.11-1","meridian-foundation-2022.1.12-1","meridian-foundation-2022.1.13-1","meridian-foundation-2022.1.2-1","meridian-foundation-2022.1.3-1","meridian-foundation-2022.1.4-1","meridian-foundation-2022.1.5-1","meridian-foundation-2022.1.6-1","meridian-foundation-2022.1.7-1","meridian-foundation-2022.1.8-1","meridian-foundation-2022.1.9-1","meridian-foundation-2023.1.0-1","opennms-1.10.0-1","opennms-1.10.1-1","opennms-1.10.10-1","opennms-1.10.11-1","opennms-1.10.12-1","opennms-1.10.13-1","opennms-1.10.14-1","opennms-1.10.2-1","opennms-1.10.3-1","opennms-1.10.4-1","opennms-1.10.5-1","opennms-1.10.6-1","opennms-1.10.7-1","opennms-1.10.8-1","opennms-1.10.9-1","opennms-1.11.0-1","opennms-1.11.1-1","opennms-1.11.3-1","opennms-1.11.90-1","opennms-1.11.91-1","opennms-1.11.92-1","opennms-1.11.93-1","opennms-1.11.94-1","opennms-1.12.0-1","opennms-1.12.1-1","opennms-1.12.2-1","opennms-1.12.3-1","opennms-1.12.4-1","opennms-1.12.5-1","opennms-1.12.6-1","opennms-1.12.7-1","opennms-1.12.8-1","opennms-1.12.9-1","opennms-1.13.0-1","opennms-1.13.1-1","opennms-1.13.2-1","opennms-1.13.3-1","opennms-1.13.4-1","opennms-1.7.9","opennms-1.9.0-1","opennms-1.9.3-2","opennms-1.9.4-1","opennms-1.9.5-1","opennms-1.9.6-1","opennms-1.9.7-1","opennms-1.9.8-1","opennms-1.9.90-1","opennms-1.9.91-1","opennms-1.9.92-1","opennms-1.9.93-1","opennms-14.0.0-1","opennms-14.0.1-1","opennms-14.0.2-1","opennms-14.0.3-1","opennms-14.0.3-2","opennms-15.0.0-1","opennms-15.0.1-1","opennms-15.0.2-1","opennms-16.0.0-1","opennms-16.0.1-1","opennms-16.0.2-1","opennms-16.0.3-1","opennms-16.0.4-1","opennms-17.0.0-1","opennms-17.1.0-1","opennms-17.1.1-1","opennms-17.1.1-2","opennms-17.1.1-3","opennms-18.0.0-1","opennms-18.0.1-1","opennms-18.0.2-1","opennms-18.0.3-1","opennms-18.0.4-1","opennms-19.0.0-1","opennms-19.0.1-1","opennms-19.1.0-1","opennms-20.0.0-1","opennms-20.0.1-1","opennms-20.0.2-1","opennms-20.1.0-1","opennms-21.0.0-1","opennms-21.0.1-1","opennms-21.0.2-1","opennms-21.0.3-1","opennms-21.0.4-1","opennms-21.0.5-1","opennms-21.1.0-1","opennms-22.0.0-1","opennms-22.0.1-1","opennms-22.0.2-1","opennms-22.0.3-1","opennms-22.0.4-1","opennms-23.0.0-1","opennms-23.0.1-1","opennms-23.0.2-1","opennms-23.0.3-1","opennms-23.0.4-1","opennms-24.0.0-1","opennms-24.1.0-1","opennms-24.1.1-1","opennms-24.1.2-1","opennms-24.1.3-1","opennms-25.0.0-1","opennms-25.1.0-1","opennms-25.1.1-1","opennms-25.1.2-1","opennms-25.2.0-1","opennms-25.2.1-1","opennms-26.0.0-1","opennms-26.0.1-1","opennms-26.1.0-1","opennms-26.1.1-1","opennms-26.1.2-1","opennms-26.1.3-1","opennms-26.2.0-1","opennms-26.2.1-1","opennms-26.2.2-1","opennms-27.0.0-1","opennms-27.0.1-1","opennms-27.0.2-1","opennms-27.0.3-1","opennms-27.0.4-1","opennms-27.0.5-1","opennms-27.1.0-1","opennms-27.1.1-1","opennms-27.2.0-1","opennms-28.0.0-2","opennms-28.0.1-1","opennms-28.0.2-1","opennms-28.0.2-2","opennms-28.1.0-1","opennms-28.1.1-1","opennms-29.0.0-1","opennms-29.0.1-1","opennms-29.0.10-1","opennms-29.0.2-1","opennms-29.0.3-1","opennms-29.0.4-1","opennms-29.0.5-1","opennms-29.0.6-1","opennms-29.0.7-1","opennms-29.0.8-1","opennms-29.0.9-1","opennms-30.0.0-1","opennms-30.0.1-1","opennms-30.0.2-1","opennms-30.0.3-1","opennms-30.0.4-1","opennms-31.0.0-1","opennms-31.0.1-1","opennms-31.0.2-1","opennms-31.0.3-1","space-integration-12.2-code-freeze"],"database_specific":{"vanir_signatures":[{"id":"CVE-2023-0815-0e0e561b","digest":{"length":185,"function_hash":"206425191555369378448459867943500113004"},"source":"https://github.com/opennms/opennms/commit/9feb41d9ff697443b9b77bdcfa8e618b1350ed76","signature_version":"v1","target":{"file":"opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java","function":"getFrameworkUrl"},"signature_type":"Function","deprecated":false},{"id":"CVE-2023-0815-ccaa9e5b","digest":{"threshold":0.9,"line_hashes":["34429318019951841524344332265895841257","69464526689932505471209434272048820764","263236452842351482963584900797504484320","167767907474950385554340535886404424610"]},"source":"https://github.com/opennms/opennms/commit/9feb41d9ff697443b9b77bdcfa8e618b1350ed76","signature_version":"v1","target":{"file":"opennms-full-assembly/src/test/java/org/opennms/assemblies/karaf/OnmsKarafTestCase.java"},"signature_type":"Line","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0815.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}