PT-2021-18738 · Vestacp · Vestacp

0Xgsch

Published

2021-04-08

Updated

2022-07-12

CVE-2021-30462

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VestaCP versions prior to 0.9.8-25

Description The issue allows the admin user to escalate privileges to root due to the Sudo configuration not requiring a password to run /usr/local/vesta/bin scripts.

Recommendations For versions prior to 0.9.8-25, update to version 0.9.8-25 or later to resolve the issue. As a temporary workaround, consider modifying the Sudo configuration to require a password for running /usr/local/vesta/bin scripts.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2021-30462

Affected Products

Vestacp

PT-2021-18738 · Vestacp · Vestacp

CVE-2021-30462

Weakness Enumeration

Related Identifiers

Affected Products

References · 3