5 matches found
EUVD-2024-31762
Malicious code in bioql PyPI...
CVE-2024-3165
System-Maintenance- Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top 1...
CVE-2024-3164
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System...
CVE-2024-3164
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System...
CVE-2024-3164
The CVE-2024-3164 issue affects dotCMS where the Tools and Log Files tabs under System → Maintenance Portlet are accessible to any user with the portlet, not just CMS Admins. The vulnerability arises from broken access control, allowing site-admin users (without system-admin privileges) to access...