Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dokploy's Preview Deployments are vulnerable to Remote Code Execution
Vulnerability Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
Dokploy 安全漏洞
Vulnerability Description
Dokploy是Dokploy开源的一个开源软件。 Dokploy 0.24.3之前版本存在安全漏洞,该漏洞源于未经认证的预览部署功能存在任意代码执行,可能导致敏感环境变量泄露。
CVSS Information
N/A
Vulnerability Type
N/A