
CVE-2024-3164

 

Severity Score

4.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

In the dotCMS dashboard, the Tools and Log Files tabs under the System → Maintenance portlet, which is and always has been an Admin portlet, are accessible to anyone with that portlet and not just to CMS Admins. Users who are site admins but not system admins should not have access to the System Maintenance → Tools portlet. This would expose the database username and password under Log Files and allow download of the DB dump and other dotCMS content under Tools. Nothing in System → Maintenance should be displayed for users with the site admin role. Only system admins must have access to System Maintenance.

OWASP Top 10 - A01) Broken Access Control

OWASP Top 10 - A04) Insecure Design

In the dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance → Log Files, which is and always has been an administration portlet, are accessible to anyone with that portlet and not just to CMS administrators. Users who are site administrators but not system administrators should not have access to the System Maintenance → Tools portlet. This would expose the database username and password under Log Files and allow download of the DB dump and other dotCMS content under Tools. Nothing in System → Maintenance should be displayed for users with the site administrator role. Only system administrators must have access to System Maintenance.

OWASP Top 10 - A01) Broken Access Control

OWASP Top 10 - A04) Insecure Design

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2024-04-01 CVE Reserved
  • 2024-04-01 CVE Published
  • 2024-04-02 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-552: Files or Directories Accessible to External Parties
CAPEC
  • CAPEC-131: Resource Leak Exposure
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
DotCMS | DotCMS Core | 22.02 | en | Affected