Insecure Object Reference in CentOS Web Panel by CentOS-WebPanel.com
CVE-2019-14246

6.5MEDIUM

Key Information:

Vendor

Centos-webpanel

Status
Centos Web Panel
Vendor
CVE Published:
21 August 2019

What is CVE-2019-14246?

A vulnerability in CentOS Web Panel version 0.9.8.851 allows an attacker with an account to exploit an insecure object reference. This weakness enables unauthorized access to retrieve phpMyAdmin passwords of any user listed in the '/etc/passwd' file, compromising the security of sensitive database access credentials.

References

https://centos-webpanel.com/changelog-cwp7
x_refsource_MISC
http://packetstormsecurity.com/files/154156/CentOS-Contro...
x_refsource_MISC
http://packetstormsecurity.com/files/154156/CentOS-WebPan...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2019-14246 : Insecure Object Reference in CentOS Web Panel by CentOS-WebPanel.com