Vulnerability Details : CVE-2020-10966
Potential exploit
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Products affected by CVE-2020-10966
- cpe:2.3:a:vestacp:control_panel:*:*:*:*:*:*:*:*
- cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10966
0.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~63% percentile (the proportion of vulnerabilities scored at or below this EPSS score)
CVSS scores for CVE-2020-10966
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
| 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
References for CVE-2020-10966
- https://github.com/hestiacp/hestiacp/issues/748 : "Manipulation of Host Header lead to Account Takeover Vulnerability" (Issue #748, hestiacp/hestiacp, GitHub). Tags: Exploit; Third Party Advisory
- https://github.com/hestiacp/hestiacp/releases/tag/1.1.1 : "Release 1.1.1 (hotfix/security release)" (hestiacp/hestiacp, GitHub). Tags: Third Party Advisory
- https://github.com/serghey-rodin/vesta/commit/c3c4de43d6701560f604ca7996f717b08e3d7d1d : "Preventing manipulation with $_SERVER['HTTP_HOST']" (serghey-rodin/vesta@c3c4de4, GitHub). Tags: Patch; Third Party Advisory