CVE-2022-35740 — MEDIUM (6.1)

Q: How severe is CVE-2022-35740?

CVE-2022-35740 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-35740?

Check the references section above for vendor advisories and patch information. Affected products include: Dotcms Dotcms.

Vulnerability Description

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java application frameworks, including those used by Spring or Tomcat, allow the use of matrix parameters: these are URI parameters separated by semicolons. Through precise semicolon placement in a URI, it is possible to exploit this feature to avoid dotCMS's path-based XSS prevention (such as "require login" filters), and consequently access restricted resources. For example, an attacker could place a semicolon immediately before a / character that separates elements of a filesystem path. This could reveal file content that is ordinarily only visible to signed-in users. This issue can be chained with other exploit code to achieve XSS attacks against dotCMS.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Dotcms	Dotcms	>= 5.3.8, < 5.3.8.12

Related Weaknesses (CWE)

CWE-79

References

https://github.com/dotCMS/patches-hotfixes/tree/master/com.dotcms.security.matriExploitThird Party Advisory
https://www.dotcms.com/security/SI-63ExploitMitigationVendor Advisory
https://github.com/dotCMS/patches-hotfixes/tree/master/com.dotcms.security.matriExploitThird Party Advisory
https://www.dotcms.com/security/SI-63ExploitMitigationVendor Advisory

FAQ

What is CVE-2022-35740?

CVE-2022-35740 is a vulnerability with a CVSS score of 6.1 (MEDIUM). dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3...

How severe is CVE-2022-35740?

CVE-2022-35740 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-35740?

Check the references section above for vendor advisories and patch information. Affected products include: Dotcms Dotcms.