Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dokploy Improperly Discloses User Information via user.one Endpoint
Vulnerability Description
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7.
CVSS Information
N/A
Vulnerability Type
侵犯隐私
Vulnerability Title
Dokploy 安全漏洞
Vulnerability Description
Dokploy是Dokploy开源的一个开源软件。 Dokploy 0.23.7之前版本存在安全漏洞,该漏洞源于低权限账户可检索其他用户详细信息,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A