Description
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
References
EPSS: 0.00238 (Low), percentile: 47%
CVSS3: 9.8 Critical
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 9.8
github
11 days ago
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.