Subdomain Spoofing Vulnerability in Hestia Control Panel by HestiaCP
CVE-2021-27231

5.4MEDIUM

Key Information:

Vendor

Hestiacp

Status
Control Panel
Vendor
CVE Published:
16 February 2021

What is CVE-2021-27231?

In Hestia Control Panel versions 1.3.5 and earlier, a vulnerability exists that permits remote authenticated users operating in a shared-hosting environment to create subdomains for domain names owned by other customers. This flaw can lead to potential spoofing attacks on services and email messages, compromising the integrity and trustworthiness of communications. Proper security measures and updates are recommended to mitigate such risks.

References

https://github.com/hestiacp/hestiacp/issues/1622
x_refsource_MISC
https://www.hestiacp.com/
x_refsource_MISC
https://sick.codes/sick-2021-006
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.