CVE-2019-13477

Name of the Vulnerable Software and Affected Versions CentOS Web Panel version 0.9.8.837

Description The issue concerns a CSRF vulnerability in the forgot password function, allowing an attacker to change the password for the root account. This vulnerability can be exploited by a remote attacker to perform arbitrary actions on the vulnerable device.

Recommendations For version 0.9.8.837, as a temporary workaround, consider disabling the forgot password function until a patch is available. Restrict access to the root account to minimize the risk of exploitation. Avoid using the forgot password feature in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.