3 matches found
CVE-2024-3164
In the dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, are accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not system admin should not have access to the System...
CVE-2024-3164
The CVE-2024-3164 issue affects dotCMS where the Tools and Log Files tabs under System → Maintenance Portlet are accessible to any user with the portlet, not just CMS Admins. The vulnerability arises from broken access control, allowing site-admin users (without system-admin privileges) to access...
PT-2024-24172 · Dotcms · Dotcms
Name of the Vulnerable Software and Affected Versions: dotCMS version 22.02
Description: The issue concerns the dotCMS dashboard, specifically the Tools and Log Files tabs under System → Maintenance Portlet. This portlet, which is intended for Admin access, is accessible to anyone with the portle...