Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dokploy allows attackers to read any file that the Traefik process user can access
Vulnerability Description
Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated attacker can read any file that the Traefik process user can access (e.g., /etc/passwd, application source, environment variable files containing credentials and secrets). This may lead to full compromise of other services or lateral movement. This vulnerability is fixed in 0.23.7.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Dokploy 路径遍历漏洞
Vulnerability Description
Dokploy是Dokploy开源的一个开源软件。 Dokploy 0.23.7之前版本存在路径遍历漏洞,该漏洞源于经过身份验证的攻击者可读取Traefik进程用户可访问的任何文件,可能导致其他服务完全被破解或横向移动。
CVSS Information
N/A
Vulnerability Type
N/A