CVE-2019-14728

Name of the Vulnerable Software and Affected Versions CentOS Web Panel version 0.9.8.851

Description The issue is related to an insecure object reference in CentOS Web Panel, which allows an attacker to add an e-mail forwarding destination to a victim's account. This is due to insufficient input validation, enabling a remote attacker to exploit the weakness and modify a user's account settings by adding an email forwarding address.

Recommendations For version 0.9.8.851, as a temporary workaround, consider restricting access to email forwarding settings until a patch is available. Avoid using the email forwarding feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.