Webmin up to 1.973 access control

Summaryinfo

A vulnerability was found in Webmin and classified as critical. The impacted element is an unknown function. The manipulation results in access control. This vulnerability was named CVE-2022-0824. The attack may be performed from remote. In addition, an exploit is available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical has been found in Webmin (Software Management Software). Affected is an unknown code. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was presented 03/02/2022. The advisory is available at huntr.dev. This vulnerability is traded as CVE-2022-0824 since 03/02/2022. Technical details are unknown but a public exploit is available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept.

Upgrading to version 1.990 eliminates this vulnerability. Applying the patch 39ea464f0c40b325decd6a5bfb7833fa4a142e38 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at Exploit-DB (50809). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Software Management Software

Name

• Webmin

Version

• 0.1
• 0.2
• 0.3
• 0.4
• 0.5
• 0.6
• 0.7
• 0.21
• 0.22
• 0.31
• 0.41
• 0.42
• 0.51
• 0.76
• 0.77
• 0.78
• 0.79
• 0.80
• 0.83
• 0.84
• 0.85
• 0.88
• 0.90
• 0.91
• 0.92
• 0.92.1
• 0.93
• 0.94
• 0.95
• 0.96
• 0.97
• 0.98
• 0.99
• 0.950
• 0.960
• 0.970
• 0.980
• 0.990
• 1.0.00
• 1.0.10
• 1.0.20
• 1.0.30
• 1.0.40
• 1.0.50
• 1.0.51
• 1.0.60
• 1.0.70
• 1.0.80
• 1.0.90
• 1.070
• 1.1.00
• 1.1.10
• 1.1.20
• 1.1.21
• 1.1.30
• 1.1.40
• 1.1.50
• 1.1.60
• 1.2.20
• 1.2.30
• 1.2.40
• 1.2.50
• 1.2.60
• 1.2.70
• 1.2.80
• 1.2a
• 1.3
• 1.3.20
• 1.32
• 1.140
• 1.150
• 1.160
• 1.170
• 1.170-r3
• 1.180
• 1.200
• 1.210
• 1.220
• 1.226
• 1.230
• 1.240
• 1.250
• 1.260
• 1.270
• 1.280
• 1.290
• 1.300
• 1.310
• 1.320
• 1.330
• 1.340
• 1.360
• 1.370
• 1.380
• 1.390
• 1.400
• 1.410
• 1.420
• 1.430
• 1.440
• 1.450
• 1.470
• 1.480
• 1.500
• 1.510
• 1.520
• 1.530
• 1.550
• 1.560
• 1.570
• 1.580
• 1.590
• 1.600
• 1.600-5
• 1.610
• 1.620
• 1.630
• 1.640
• 1.650
• 1.660
• 1.670
• 1.690
• 1.720
• 1.730
• 1.830
• 1.840
• 1.850
• 1.860
• 1.870
• 1.880
• 1.890
• 1.900
• 1.910
• 1.962
• 1.973

License

• open-source

Website

• Product: https://github.com/webmin/webmin/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion