https://www.dotcms.com/security/SI-67
DIRECTORY TRAVERSAL WITH RCE

Issue: SI-67
Date: Dec 15, 2022, 11:15:00 AM
Severity: Moderate
Requires Admin Access: Yes
Fix Version: 22.12+, LTS 21.06.12+, LTS 22.03.4+
Credit: Christos - Minas Mathas

Description:
An authenticated directory traversal vulnerability in the dotCMS REST API can lead to remote code execution. The "/api/integrity/_fixconflictsfromremote" endpoint accepts an uploaded zip file and extracts it without checking the resulting paths for traversal (the "zip slip" pattern). An attacker can exploit this by sending a specially crafted zip file whose entry names contain directory traversal sequences (for example /../../xyz.sh), causing the entry contents to be written to an arbitrary path on the system. Exploiting this vulnerability requires Admin privileges.

Mitigation:
* Upgrade to one of the fixed dotCMS versions listed above:
  * 22.12
  * LTS 21.06.12
  * LTS 22.03.4
* Use a WAF to block POST requests to /api/integrity/_fixconflictsfromremote.

References:
* https://security.snyk.io/research/zip-slip-vulnerability
* https://www.dotcms.com/docs/latest/xss-prevention
* CVE-2022-45783
* The REST endpoint method calls fixConflicts: https://github.com/dotCMS/core/blob/release-21.04/dotCMS/src/main/java/com/dotcms/rest/IntegrityResource.java#L835
* The fixConflicts method calls unzipFile: https://github.com/dotCMS/core/blob/release-21.04/dotCMS/src/main/java/com/dotcms/integritycheckers/IntegrityUtil.java#L567
* The unzipFile method extracts the archive without the proper checks in place: https://github.com/dotCMS/core/blob/release-21.04/dotCMS/src/main/java/com/dotcms/integritycheckers/IntegrityUtil.java#L205
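The extraction flaw described above, as an added example that is not dotCMS's code: the project's unzipFile is Java, and this is a stand-alone Python illustration of the same zip-slip pattern and the check that closes it. The archive is constructed inside the block (one benign entry plus one named "../../xyz.sh", mirroring the advisory's example), and the function names build_crafted_zip, unzip_unsafe, unzip_safe and demonstrate are illustrative, not the project's. unzip_unsafe joins each entry name onto the destination directory without validation, so the traversal entry lands two levels above it; unzip_safe canonicalizes every target with realpath and refuses the whole archive before writing anything if any entry resolves outside the destination.

```python
import io
import os
import shutil
import tempfile
import zipfile

# Constructed sample entry name carrying the traversal sequence the
# advisory describes (a shell script written two directories up).
TRAVERSAL_NAME = "../../xyz.sh"


def build_crafted_zip() -> bytes:
    """Build an in-memory archive with a benign entry and a traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ok.txt", "benign\n")
        zf.writestr(TRAVERSAL_NAME, "#!/bin/sh\necho pwned\n")
    return buf.getvalue()


def unzip_unsafe(data: bytes, dest: str) -> list:
    """Flawed pattern (illustrative, not dotCMS's code): the entry name is
    joined onto dest and written wherever that resolves. Returns the
    absolute paths written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.abspath(target))
    return written


class ZipSlipError(ValueError):
    """Raised when an archive entry would be written outside the destination."""


def unzip_safe(data: bytes, dest: str) -> list:
    """Hardened extractor: canonicalize each target and require it to stay
    under dest; validate every entry before writing any of them, so a
    malicious archive produces no files at all. Absolute entry names are
    rejected by the same check, because os.path.join discards dest for them."""
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        planned = []
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ZipSlipError("entry escapes destination: %r" % info.filename)
            planned.append((info, target))
        written = []
        for info, target in planned:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def demonstrate() -> dict:
    """Run both extractors against the crafted archive in throwaway
    directories and report what happened."""
    data = build_crafted_zip()
    results = {}

    root = tempfile.mkdtemp()
    try:
        dest = os.path.join(root, "a", "b")
        os.makedirs(dest)
        unzip_unsafe(data, dest)
        # The traversal entry escaped dest and landed at <root>/xyz.sh.
        results["unsafe_escaped"] = os.path.exists(os.path.join(root, "xyz.sh"))
    finally:
        shutil.rmtree(root)

    root = tempfile.mkdtemp()
    try:
        dest = os.path.join(root, "a", "b")
        os.makedirs(dest)
        try:
            unzip_safe(data, dest)
            results["safe_rejected"] = False
        except ZipSlipError:
            results["safe_rejected"] = True
        # Nothing escaped, and the benign entry was not written either.
        results["safe_wrote_nothing"] = (
            not os.path.exists(os.path.join(root, "xyz.sh")) and not os.listdir(dest)
        )
    finally:
        shutil.rmtree(root)
    return results


if __name__ == "__main__":
    print(demonstrate())
```

The check compares canonical paths rather than looking for ".." in the name, so it also covers absolute entry names and symlinked destination directories; validating all entries before writing any avoids a partially extracted archive when a bad entry appears late in the listing.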