Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7.
Metrics
Affected Vendors & Products
References
History
Mon, 07 Jul 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 07 Jul 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated low-privileged account can retrieve detailed profile information about another users in the same organization by directly invoking user.one. The response discloses personally-identifiable information (PII) such as e-mail address, role, two-factor status, organization ID, and various account flags. The fix will be available in the v0.23.7. | |
Title | Dokploy Improperly Discloses User Information via user.one Endpoint | |
Weaknesses | CWE-359 CWE-862 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-07-07T15:52:18.675Z
Updated: 2025-07-07T16:00:15.266Z
Reserved: 2025-06-27T12:57:16.122Z
Link: CVE-2025-53374

Updated: 2025-07-07T16:00:06.546Z

Status : Received
Published: 2025-07-07T16:15:25.113
Modified: 2025-07-07T16:15:25.113
Link: CVE-2025-53374

No data.