Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-4gcf-523q-9gmp

Опубликовано: 21 мар. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 8.1

Описание

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.

Ссылки

EPSS

Процентиль: 31%
0.00116
Низкий

8.1 High

CVSS3

CVE ID

CVE-2023-0391

Дефекты

CWE-321
CWE-798

Связанные уязвимости

nvd логотип

CVE-2023-0391

CVSS3: 8.1
nvd
почти 3 года назад

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.

fstec логотип

BDU:2023-01566

CVSS3: 7.1
fstec
около 3 лет назад

Уязвимость панели управления серверами и облачными сервисами CloudPanel, связанная с использованием жестко закодированного криптографического ключа для SSL-сертификата, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 31%
0.00116
Низкий

8.1 High

CVSS3

CVE ID

CVE-2023-0391

Дефекты

CWE-321
CWE-798