PT-2018-9302 · None · Ajenti

Published

2018-03-13

Updated

2018-04-11

CVE-2018-1000126

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Ajenti version 2

Description: The issue allows for information disclosure, which can lead to user and system enumeration, as well as exposure of data from the /etc/ajenti/config.yml file. This can be exploited through network connectivity to the web application.

Recommendations: For Ajenti version 2, update to a version that fixes the information disclosure vulnerability, specifically addressing the issue in Line 176 of the code source.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-1000126

PYSEC-2018-113

Affected Products

Ajenti

PT-2018-9302 · None · Ajenti

CVE-2018-1000126

Weakness Enumeration

Related Identifiers

Affected Products

References · 5