Issues » File Deletion Vulnerability

Issue: SI-47
Date: Jan 10, 2019 9:00:00 AM
Severity: Moderate
Requires Admin Access: Yes
Fix Version: TBD
Credit: Johannes Moritz - RIPS TECHNOLOGIES GMBH
Description:

A specific dotCMS endpoint can be utilized to delete specified files on the server's filesystem.

To exploit this vulnerability, the user must be logged into the backend of dotCMS with administrator permissions and use a carefully crafted URL.

Status of this issue can be tracked here:  https://github.com/dotCMS/core/issues/15811

Workaround:

Should always be running dotCMS as a user that only has access to the parts of the filesystem necessary to run dotCMS.  These limited permissions will keep this vulnerability from being used to delete files outside of the dotCMS / tomcat directory structure. https://dotcms.com/docs/latest/security-best-practices#ServerPermissions