PYSEC-2018-109

2018-03-1315:29:00

Google

osv.dev

0.001 Low

EPSS

Percentile

21.4%

JSON

Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin.

CPENameOperatorVersion
ajenti-paneleq2.0.54
ajenti-paneleq2.0.67
ajenti-paneleq2.1.30
ajenti-paneleq2.0.45
ajenti-paneleq0.31
ajenti-paneleq0.2
ajenti-paneleq2.0.64
ajenti-paneleq0.3
ajenti-paneleq0.22
ajenti-paneleq2.0.43

Name	Operator	Version
ajenti-panel	eq	2.0.54
ajenti-panel	eq	2.0.67
ajenti-panel	eq	2.1.30
ajenti-panel	eq	2.0.45
ajenti-panel	eq	0.31
ajenti-panel	eq	0.2
ajenti-panel	eq	2.0.64
ajenti-panel	eq	0.3
ajenti-panel	eq	0.22
ajenti-panel	eq	2.0.43