Access Control Bypass in dotCMS Affects Sensitive Information Retrieval
CVE-2022-35740
What is CVE-2022-35740?
An access control bypass vulnerability in dotCMS prior to version 22.06 allows remote attackers to exploit a semicolon in a URL to introduce matrix parameters. This vulnerability leverages specific placements of semicolons within URIs, enabling attackers to bypass standard path-based protections that enforce user authentication. As a result, unauthorized users may gain access to sensitive files and resources that are typically restricted to logged-in users. The exploitation of this vulnerability can also facilitate further attacks, such as cross-site scripting (XSS), when combined with other malicious code. Organizations using affected versions are strongly advised to implement the latest patches to safeguard against these potential security breaches.
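The mismatch described above, as an added example that is not dotCMS code: a path-based login check that matches on the raw URI beside one that strips matrix parameters first, plus an audit helper for reviewing logged request paths. It assumes the resource lookup ignores matrix parameters; the protected prefixes and sample paths are constructed.

```python
# Hypothetical prefixes that require a logged-in user (assumption, not dotCMS's rules).
PROTECTED_PREFIXES = ("/private/", "/admin/")

# Constructed request paths, as they would appear in an access log.
SAMPLE_PATHS = [
    "/private/report.pdf",
    "/private;x=1/report.pdf",
    "/private;a=1;b=2/docs;v=3/report.pdf",
    "/public/file;jsessionid=ABC123",
    "/public/index.html",
]


def strip_matrix_params(path: str) -> str:
    """Remove ';name=value' matrix parameters from every path segment."""
    return "/".join(segment.split(";", 1)[0] for segment in path.split("/"))


def naive_requires_login(raw_path: str) -> bool:
    """Weak form: prefix match on the raw path, semicolons included."""
    return raw_path.startswith(PROTECTED_PREFIXES)


def hardened_requires_login(raw_path: str) -> bool:
    """Corrected form: match on the path with matrix parameters removed,
    which is assumed to be the path the resource lookup resolves."""
    return strip_matrix_params(raw_path).startswith(PROTECTED_PREFIXES)


def audit(paths):
    """Return the paths where the raw and normalized decisions disagree."""
    return [p for p in paths if naive_requires_login(p) != hardened_requires_login(p)]


if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path!r}: naive={naive_requires_login(path)} "
              f"hardened={hardened_requires_login(path)}")
    print("disagreements:", audit(SAMPLE_PATHS))
```

The `jsessionid` path shows that a semicolon alone is not an indicator; the signal worth alerting on is a request whose authentication decision changes once matrix parameters are removed.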

