Directory traversal vulnerability by Admin

Issue: SI-34
Date: Apr 11, 2016, 11:30:00 AM
Severity: Medium
Requires Admin Access: Yes
Fix Version: 3.3.2, 3.5
Credit: Piaox From Pingan Product Safety Group

dotCMS provides a mechanism to "tail" system log files via an online console. It is possible for an Admin (an authenticated user with Admin permissions in the dotCMS system) to specify a file outside the configured dotCMS log directory to "tail". If the dotCMS system is run under the ROOT account on the host machine, this can include system log files.
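The flaw described above is the classic path-containment mistake in a log viewer: the requested file name is joined to the log directory without checking where the result ends up. The following added example (not dotCMS code; dotCMS itself is Java, and the sandbox directory, file names and `tail_unsafe`/`resolve_log_file` helpers are constructed for illustration) shows the vulnerable resolution beside a hardened one that canonicalizes the path and rejects anything outside the log directory, including `..` segments, absolute paths and symlinks that point elsewhere.

```python
import os
import tempfile


def tail_unsafe(log_dir, requested, lines=10):
    """Vulnerable pattern: the untrusted name is joined straight onto log_dir.

    "../" segments walk out of log_dir, and os.path.join discards log_dir
    entirely when `requested` is an absolute path.
    """
    path = os.path.join(log_dir, requested)
    return _read_tail(path, lines)


def resolve_log_file(log_dir, requested):
    """Return the canonical path of `requested` if it lies inside log_dir, else None."""
    base = os.path.realpath(log_dir)
    # realpath collapses ".." and follows symlinks BEFORE the containment check,
    # so a symlink inside log_dir pointing at /var/log/syslog is rejected too.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath avoids the "/var/log" vs "/var/logs" string-prefix trap.
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def tail_safe(log_dir, requested, lines=10):
    """Hardened tail: refuse anything that does not resolve inside log_dir."""
    path = resolve_log_file(log_dir, requested)
    if path is None:
        raise PermissionError(f"refusing to tail {requested!r}: outside log directory")
    return _read_tail(path, lines)


def _read_tail(path, lines):
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return fh.readlines()[-lines:]


def demo():
    """Constructed sandbox: a log directory with one log and a file outside it."""
    root = tempfile.mkdtemp()
    log_dir = os.path.join(root, "dotcms", "logs")
    os.makedirs(log_dir)
    with open(os.path.join(log_dir, "dotcms.log"), "w") as fh:
        fh.write("INFO startup\nINFO ready\n")
    outside = os.path.join(root, "outside.txt")
    with open(outside, "w") as fh:
        fh.write("not a dotcms log\n")
    return {
        "unsafe_traversal": tail_unsafe(log_dir, "../../outside.txt"),   # escapes
        "safe_ok": resolve_log_file(log_dir, "dotcms.log") is not None,  # allowed
        "safe_traversal": resolve_log_file(log_dir, "../../outside.txt"),  # None
        "safe_absolute": resolve_log_file(log_dir, outside),              # None
    }
```

Even with the containment check in place, running the service as a non-root account (the second workaround below) limits what a bypass could read.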

Restrict access to the log file viewer to authorized persons only.

Do not run dotCMS under the ROOT account of any host machine.