Issues » Directory traversal vulnerability by Admin

Issue: SI-34
Date: Apr 11, 2016 3:30:00 PM
Severity: Moderate
Requires Admin Access: Yes
Fix Version: 3.3.2, 3.5
Credit: Piaox From Pingan Product Safety Group
Description:

dotCMS provides a mechanism to "tail" a system log files via an online console.  It is possible for an Admin (Authenticated user with Admin permissions in the dotCMS system) to specify a file outside of the specified dotCMS log directory to "tail".  If the dotCMS system is being run under a ROOT account on the host machine, this can include system log files. 

Workaround:

Prevent access to the log file viewer to any authorized person.

Do not run dotCMS under the ROOT account of any host machine. 

Issues

https://packetstormsecurity.com/files/136635/DotCMS-3.5-Beta-Directory-Traversal.html

Back to the top