CVE-2019-13383

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions CentOS Web Panel version 0.9.8.846

Description The issue is related to the login process in CentOS Web Panel, which allows attackers to determine whether a username is valid by analyzing the HTTP response. This is due to a lack of protection for internal data. An attacker could exploit this to reveal protected information.

Recommendations For version 0.9.8.846, as a temporary workaround, consider restricting access to the login process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-203

Related Identifiers

BDU:2020-00073

CVE-2019-13383

Affected Products

Centos Web Panel

CVE-2019-13383

Weakness Enumeration

Related Identifiers

Affected Products

References · 10