Описание
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.
Ссылки
- http://packetstormsecurity.com/files/153877/CentOS-Control-Web-Panel-0.9.8.840-User-Enumeration.htmlExploitThird Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- http://packetstormsecurity.com/files/153877/CentOS-Control-Web-Panel-0.9.8.840-User-Enumeration.htmlExploitThird Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:control-webpanel:webpanel:0.9.8.840:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00779
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.
EPSS
Процентиль: 73%
0.00779
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22