CVE-2022-45782

HIGH LAB

dotCMS core <5.3.8.15,22.10.1 - Info Disclosure


Description

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.

Exploits (1)

nomisec WORKING POC 1 stars
by ninajafli · poc
https://github.com/ninajafli/DotCMS-CVE-2022-45782

Scores

CVSS v3 8.8
EPSS 0.0037
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Lab Environment

Community Lab
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.9.1
docker pull dotcms/dotcms:22.10.1

Details

CWE
CWE-338
Status published
Products (1)
dotcms/dotcms 5.3.8.5 - 5.3.8.15
Published Feb 01, 2023
Tracked Since Feb 18, 2026