漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Dokploy's Preview Deployments are vulnerable to Remote Code Execution
Vulnerability Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
Dokploy 安全漏洞
Vulnerability Description
Dokploy是Dokploy开源的一个开源软件。 Dokploy 0.24.3之前版本存在安全漏洞,该漏洞源于未经认证的预览部署功能存在任意代码执行,可能导致敏感环境变量泄露。
CVSS Information
N/A
Vulnerability Type
N/A