CVE-2022-45130

Name of the Vulnerable Software and Affected Versions Plesk Obsidian

Description The issue allows a CSRF attack, for example, via the "/api/v2/cli/commands" REST API to change an Admin password. This affects Plesk Obsidian, which is a specific version of the Plesk product where versions are identified by names, not numbers.

Recommendations As a temporary workaround, consider restricting access to the "/api/v2/cli/commands" REST API until a patch is available. Avoid using the API to change Admin passwords until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.