PYSEC-2018-112

2018-03-1315:29:00

Google

osv.dev

0.001 Low

EPSS

Percentile

48.6%

JSON

Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server.

CPENameOperatorVersion
ajenti-paneleq2.0.54
ajenti-paneleq2.0.67
ajenti-paneleq2.1.30
ajenti-paneleq2.0.45
ajenti-paneleq0.31
ajenti-paneleq0.2
ajenti-paneleq2.0.64
ajenti-paneleq0.3
ajenti-paneleq0.22
ajenti-paneleq2.0.43

Name	Operator	Version
ajenti-panel	eq	2.0.54
ajenti-panel	eq	2.0.67
ajenti-panel	eq	2.1.30
ajenti-panel	eq	2.0.45
ajenti-panel	eq	0.31
ajenti-panel	eq	0.2
ajenti-panel	eq	2.0.64
ajenti-panel	eq	0.3
ajenti-panel	eq	0.22
ajenti-panel	eq	2.0.43