PT-2021-18739 · Vestacp · Vestacp
0Xgsch +3 · Published 2021-04-08 · Updated 2021-04-14
CVE-2021-30463
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
VestaCP versions prior to 0.9.8-25

Description
The issue allows attackers to gain privileges by creating symlinks to files for which they lack permissions. The privilege gain is achieved by reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory; with that value, the admin password can be changed via a "/reset/?action=confirm&user=admin&code=" URI. The problem arises from the unsafe use of chmod.

Recommendations
For VestaCP versions prior to 0.9.8-25, update to version 0.9.8-25 or later to resolve the issue. As a temporary workaround, consider restricting access to the /reset/ API endpoint to minimize the risk of exploitation. Additionally, restrict write access to the /usr/local/vesta/data/users/admin directory to prevent unauthorized modifications.

Weakness Enumeration
Link Following
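As an added example, not taken from the advisory or from VestaCP, the POSIX shell helper below covers the two recommendations above from the defender's side: it flags symlinks and group- or world-accessible entries under the admin data directory (user.conf there holds the RKEY value) and counts web-server requests to the admin reset-confirmation URI. The directory path and URI come from the advisory; the combined-format access log, the temporary fixture and the log lines in it are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added audit helper; not part of the advisory or of VestaCP itself.
# The admin data directory is the one the advisory names; the web server
# log format (Apache/nginx combined) and the fixture below are assumptions.

# Per the advisory, user.conf under this directory holds the RKEY value.
VESTA_ADMIN_DIR="${VESTA_ADMIN_DIR:-/usr/local/vesta/data/users/admin}"

# audit_admin_dir DIR: print symlinks and group- or world-accessible entries
# under DIR (a world-readable user.conf exposes RKEY; a symlink is the
# vector the advisory describes). Returns 0 when clean, 1 when hits exist.
audit_admin_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    hits=$(find "$dir" \( -type l -o -perm -020 -o -perm -002 -o -perm -004 \) -print)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# count_reset_confirm LOG: number of requests to the admin password-reset
# confirmation URI from the advisory. Fixed-string match keeps '?' and '&'
# literal; grep's "no match" exit status is folded so the count is still 0.
count_reset_confirm() {
    grep -cF '/reset/?action=confirm&user=admin&code=' "$1" || true
}

# make_sample: constructed fixture, not real data: a temp dir holding a
# world-readable user.conf and a symlink, plus a three-line access log.
# Prints the fixture directory.
make_sample() {
    tmp=$(mktemp -d)
    umask 077                          # keep the directory itself clean
    mkdir "$tmp/admin"
    printf 'RKEY=CONSTRUCTED\n' > "$tmp/admin/user.conf"
    chmod 644 "$tmp/admin/user.conf"   # world-readable: should be flagged
    ln -s /dev/null "$tmp/admin/link"  # symlink: should be flagged
    cat > "$tmp/access.log" <<'EOF'
203.0.113.7 - - [08/Apr/2021:10:00:01 +0000] "GET /login/ HTTP/1.1" 200 512
203.0.113.7 - - [08/Apr/2021:10:00:05 +0000] "GET /reset/?action=confirm&user=admin&code=REDACTED HTTP/1.1" 200 301
203.0.113.7 - - [08/Apr/2021:10:00:09 +0000] "GET /reset/?action=confirm&user=admin&code=REDACTED HTTP/1.1" 200 301
EOF
    printf '%s\n' "$tmp"
}
```

On a real host, run `audit_admin_dir "$VESTA_ADMIN_DIR"` and `count_reset_confirm /path/to/access.log`; a non-zero count from the second check is a signal to review, not proof of compromise, since legitimate resets use the same URI.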
Related Identifiers
CVE-2021-30463

Affected Products
Vestacp