VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin scripts.
References
Link | Resource |
---|---|
https://ssd-disclosure.com/ssd-advisory-vestacp-lpe-vulnerabilities/ | Exploit Third Party Advisory |
https://ssd-disclosure.com/ssd-advisory-vestacp-lpe-vulnerabilities/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 06:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://ssd-disclosure.com/ssd-advisory-vestacp-lpe-vulnerabilities/ - Exploit, Third Party Advisory |
Information
Published : 2021-04-08 14:15
Updated : 2024-11-21 06:03
NVD link : CVE-2021-30462
Mitre link : CVE-2021-30462
CVE.ORG link : CVE-2021-30462
JSON object : View
Products Affected
vestacp
- vesta_control_panel
CWE
CWE-306
Missing Authentication for Critical Function