Vulnerability Details : CVE-2022-30708
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Vulnerability category: Execute code
Products affected by CVE-2022-30708
- cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-30708
3.04% (probability of exploitation activity in the next 30 days)
EPSS Score History
~91% (percentile: the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2022-30708
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | 
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | MITRE | 
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | 
References for CVE-2022-30708
- https://github.com/webmin/webmin/releases
  Releases · webmin/webmin · GitHub (Release Notes; Third Party Advisory)
- https://github.com/webmin/authentic-theme/releases
  Releases · webmin/authentic-theme · GitHub (Release Notes; Third Party Advisory)
- https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py
  rce_webmin/exploit.py at main · esp0xdeadbeef/rce_webmin · GitHub (Exploit; Third Party Advisory)
- https://webmin.com/changes.html
  Webmin (Release Notes; Vendor Advisory)
- https://github.com/webmin/webmin/issues/1635
  RCE and privesc on safe user · Issue #1635 · webmin/webmin · GitHub (Issue Tracking; Third Party Advisory)
- https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d
  Factor out check for root-ish user into a separate function https://g… · webmin/webmin@6a2334b · GitHub (Patch; Third Party Advisory)
- https://www.twitch.tv/videos/1483029790
  Webmin source code analysis ~ 001 - Twitch (Exploit; Third Party Advisory)
- https://github.com/esp0xdeadbeef/rce_webmin
  GitHub - esp0xdeadbeef/rce_webmin: RCE and privilege escalation webmin version 1.991 (Exploit; Third Party Advisory)