PT-2018-9259 · Ajenti · Ajenti

Published: 2018-03-13 · Updated: 2019-10-03 · CVE-2018-1000080

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Ajenti version 2
Description: Ajenti version 2 contains an insecure-permissions vulnerability in the plugin download feature: the feature is not restricted to privileged accounts, so any authenticated normal user can make the server download any plugin. Exploitation requires only observing how the legitimate plugin-download request is constructed and sending the same request from a normal-user session; the server downloads the plugin in response. The vector reflects this (PR:L for a low-privileged authenticated caller, I:H because arbitrary plugin code is pulled onto the server).
Recommendations: For Ajenti version 2, restrict access to the plugin download feature to administrative accounts until a fixed release is deployed. As a temporary workaround, reduce the privileges granted to normal users so that they cannot reach the plugin management functionality, and review the server for plugins that were installed by non-administrative accounts.
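The following is an added illustration of the authorization gap described above and of the recommended restriction; it is not Ajenti's source code. The handler names, the session/role model, the plugin-name rule and the request body are all assumptions chosen to show the pattern: a handler that only checks for a logged-in session can be driven by a normal user who replays an admin's request, while a handler that additionally requires an administrative role refuses it.

```python
"""Model of CVE-2018-1000080's missing privilege check (illustrative, not Ajenti code).

Assumptions: a Session carries an is_admin flag, the plugin-download request is a
JSON-like body {"name": ...}, and plugin names match PLUGIN_NAME_RE. The "download"
is simulated by recording the plugin name in a PluginStore.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple


@dataclass
class Session:
    user: str
    is_admin: bool


@dataclass
class PluginStore:
    installed: Set[str] = field(default_factory=set)


# Constructed sessions: one administrator and one ordinary panel user.
ADMIN = Session("root", is_admin=True)
NORMAL = Session("alice", is_admin=False)

# Assumed naming rule for plugins; defence in depth, not the fix itself.
PLUGIN_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")

Handler = Callable[[Optional[Session], Dict[str, str], PluginStore], Tuple[int, str]]


def install_plugin(store: PluginStore, name: str) -> None:
    """Stand-in for the server fetching and unpacking plugin code."""
    store.installed.add(name)


def vulnerable_handler(session: Optional[Session], body: Dict[str, str],
                       store: PluginStore) -> Tuple[int, str]:
    """Only checks that the caller is logged in (the flawed shape).

    Any normal user who learns the request format can have the server
    download an arbitrary plugin.
    """
    if session is None:
        return 401, "login required"
    install_plugin(store, body["name"])
    return 200, "installed " + body["name"]


def hardened_handler(session: Optional[Session], body: Dict[str, str],
                     store: PluginStore) -> Tuple[int, str]:
    """Same endpoint with the privilege check the advisory recommends."""
    if session is None:
        return 401, "login required"
    if not session.is_admin:
        # Plugin management is an integrity-sensitive action; refuse it for
        # non-administrative sessions instead of relying on the UI to hide it.
        return 403, "plugin management requires an administrative session"
    name = body.get("name", "")
    if not PLUGIN_NAME_RE.fullmatch(name):
        return 400, "invalid plugin name"
    install_plugin(store, name)
    return 200, "installed " + name


def run_replay(handler: Handler) -> Tuple[int, Set[str]]:
    """Replay a captured plugin-download request from a normal-user session.

    Returns the HTTP status the handler produced and the set of plugins the
    server ended up "downloading".
    """
    store = PluginStore()
    captured_body = {"name": "evil-plugin"}  # constructed: what an admin's request looks like
    status, _ = handler(NORMAL, captured_body, store)
    return status, set(store.installed)


if __name__ == "__main__":
    for handler in (vulnerable_handler, hardened_handler):
        print(handler.__name__, run_replay(handler))
```

Running the block shows the vulnerable handler returning 200 and recording "evil-plugin" for the normal user, while the hardened handler returns 403 and records nothing; the administrator is still able to install plugins through the hardened handler. The role check belongs in the server-side handler, since hiding the button in the UI does nothing against a replayed request.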

Weakness Enumeration

Incorrect Permission

Related Identifiers

CVE-2018-1000080
PYSEC-2018-109

Affected Products

Ajenti