| Issue: | |
|---|---|
| Date: | |
| Severity: | Critical |
| Requires Admin Access: | No |
| Fix Version: | 3.3 |
| Credit: | Gjoko Krstic - zeroscience.mk |
| Description: | It is possible to use a well-formed POST to the DWR User endpoint to add a new blank user to the dotCMS system. This user will not be provisioned or permissioned in any way, but will be a valid user in the system. Combined with other attacks, this might make it possible to access administrative endpoints which would otherwise be protected. |
| Mitigation: | Upgrade to dotCMS 3.3 or backport the fix found in the commit below, which prevents access to DWR endpoints without a valid authenticated user. |
| References: | https://github.com/dotCMS/core/commit/7b86fc850bf547e8c82366240dae27e7e56b4305 |
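Until the fix is deployed, an operator will want to know whether DWR remote calls have been reaching the server without any session. The following triage script is an added example, not code from this advisory or from dotCMS: it parses constructed access-log lines in an assumed format that appends the Cookie header, picks out the standard DWR call URLs (`/dwr/call/<mode>/<Script>.<method>.dwr`), and lists the calls that carried no session cookie. The script and method names in the sample (`UserAjax.addUser`, `RoleAjax.getRoles`) are placeholders, not dotCMS identifiers.

```python
import re
from collections import Counter
from typing import Iterator

# Constructed sample access-log lines, not taken from any real dotCMS install.
# Assumed format: client - - [time] "METHOD PATH PROTO" status bytes "Cookie header or -"
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2015:10:01:02 +0000] "POST /dwr/call/plaincall/UserAjax.addUser.dwr HTTP/1.1" 200 312 "-"
10.0.0.5 - - [10/Oct/2015:10:01:05 +0000] "GET /c/portal/layout HTTP/1.1" 302 0 "-"
10.0.0.8 - - [10/Oct/2015:10:02:11 +0000] "POST /dwr/call/plaincall/UserAjax.addUser.dwr HTTP/1.1" 200 312 "JSESSIONID=abc123"
10.0.0.9 - - [10/Oct/2015:10:03:00 +0000] "POST /dwr/call/plaincall/RoleAjax.getRoles.dwr HTTP/1.1" 200 900 "JSESSIONID=def456"
10.0.0.5 - - [10/Oct/2015:10:04:40 +0000] "GET /dwr/engine.js HTTP/1.1" 200 1200 "-"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+ "([^"]*)"$')
# Standard DWR call URL shape: /dwr/call/<mode>/<Script>.<method>.dwr (script names here are placeholders).
DWR_CALL_RE = re.compile(r"^/dwr/call/[^/]+/(\w+)\.(\w+)\.dwr(?:[?;].*)?$")

def iter_dwr_calls(log_text: str) -> Iterator[dict]:
    """Yield one record per request that is a DWR remote call (engine.js and other assets are skipped)."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, method, path, status, cookies = m.groups()
        call = DWR_CALL_RE.match(path)
        if not call:
            continue
        yield {"client": client, "time": ts, "http_method": method, "status": int(status),
               "script": call.group(1), "method": call.group(2), "cookies": cookies}

def find_unauthenticated_dwr_calls(log_text: str, session_cookie: str = "JSESSIONID") -> list:
    """DWR calls sent with no session cookie at all. Having a session cookie does not prove the
    session is logged in, so this is a triage filter, not a substitute for the server-side fix."""
    return [c for c in iter_dwr_calls(log_text)
            if not re.search(rf"(^|;\s*){re.escape(session_cookie)}=", c["cookies"])]

def summarize_by_endpoint(log_text: str) -> Counter:
    """Count DWR calls per Script.method so user-management scripts stand out for review."""
    return Counter(f'{c["script"]}.{c["method"]}' for c in iter_dwr_calls(log_text))

if __name__ == "__main__":
    for hit in find_unauthenticated_dwr_calls(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["client"]} {hit["script"]}.{hit["method"]} '
              f'status={hit["status"]} (no session cookie)')
    print(summarize_by_endpoint(SAMPLE_LOG))
```

On the sample above only the first line is reported; any such hit in real logs should be checked against the user table for blank accounts created at that time.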