Webmin up to 2.001 Ajaxterm cross-site request forgery

Summaryinfo

A vulnerability marked as problematic has been reported in Webmin. This affects an unknown function of the component Ajaxterm Module. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-36452. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Webmin. This issue affects an unknown code of the component Ajaxterm Module. The manipulation with an unknown input leads to a cross-site request forgery vulnerability. Using CWE to declare the problem leads to CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Impacted is integrity. The summary by CVE is:

Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.

The identification of this vulnerability is CVE-2024-36452 since 05/28/2024. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.

Upgrading to version 2.003 eliminates this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Software Management Software

Name

• Webmin

Version

• 0.1
• 0.2
• 0.3
• 0.4
• 0.5
• 0.6
• 0.7
• 0.21
• 0.22
• 0.31
• 0.41
• 0.42
• 0.51
• 0.76
• 0.77
• 0.78
• 0.79
• 0.80
• 0.83
• 0.84
• 0.85
• 0.88
• 0.90
• 0.91
• 0.92
• 0.92.1
• 0.93
• 0.94
• 0.95
• 0.96
• 0.97
• 0.98
• 0.99
• 0.950
• 0.960
• 0.970
• 0.980
• 0.990
• 1.0.00
• 1.0.10
• 1.0.20
• 1.0.30
• 1.0.40
• 1.0.50
• 1.0.51
• 1.0.60
• 1.0.70
• 1.0.80
• 1.0.90
• 1.070
• 1.1.00
• 1.1.10
• 1.1.20
• 1.1.21
• 1.1.30
• 1.1.40
• 1.1.50
• 1.1.60
• 1.2.20
• 1.2.30
• 1.2.40
• 1.2.50
• 1.2.60
• 1.2.70
• 1.2.80
• 1.2a
• 1.3
• 1.3.20
• 1.32
• 1.140
• 1.150
• 1.160
• 1.170
• 1.170-r3
• 1.180
• 1.200
• 1.210
• 1.220
• 1.226
• 1.230
• 1.240
• 1.250
• 1.260
• 1.270
• 1.280
• 1.290
• 1.300
• 1.310
• 1.320
• 1.330
• 1.340
• 1.360
• 1.370
• 1.380
• 1.390
• 1.400
• 1.410
• 1.420
• 1.430
• 1.440
• 1.450
• 1.470
• 1.480
• 1.500
• 1.510
• 1.520
• 1.530
• 1.550
• 1.560
• 1.570
• 1.580
• 1.590
• 1.600
• 1.600-5
• 1.610
• 1.620
• 1.630
• 1.640
• 1.650
• 1.660
• 1.670
• 1.690
• 1.720
• 1.730
• 1.830
• 1.840
• 1.850
• 1.860
• 1.870
• 1.880
• 1.890
• 1.900
• 1.962
• 1.973
• 1.990
• 1.997
• 2.000
• 2.001

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion