Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dokploy uses hardcoded credentials in installation script, which could result in database access
Vulnerability Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the database container. This means that nearly all Dokploy installations use the same database credentials and could be compromised. Version 0.26.6 contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
Dokploy 信任管理问题漏洞
Vulnerability Description
Dokploy是Dokploy开源的一个开源软件。 Dokploy 0.26.6之前版本存在信任管理问题漏洞,该漏洞源于安装脚本中存在硬编码凭证,可能导致数据库凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A