Insecure Permissions Vulnerability in Ajenti by Ajenti
CVE-2018-1000080

6.5 MEDIUM

Key Information:

Vendor: Ajenti

Status
Vendor
CVE Published: 13 March 2018

What is CVE-2018-1000080?

Ajenti version 2 has an insecure permissions vulnerability in its plugin download function that lets users download plugins they are not authorized to download. The flaw arises from how the server processes plugin download requests: a normal user can initiate a download without proper authorization. Because the crafted request can be sent without elevated permissions, the flaw presents a significant risk to system integrity and security.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
