cpe:2.3:a:ajenti:ajenti:2:*:*:*:*:*:*:*
Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as exposure of data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application.
Max CVSS
7.5
EPSS Score
0.18%
Published
2018-03-13
Updated
2018-04-11
Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the request leaking a path of the server. This attack appears to be exploitable by sending malformed JSON: the tool responds with a traceback error that leaks a path of the server.
Max CVSS
5.3
EPSS Score
0.13%
Published
2018-03-13
Updated
2018-04-06
Ajenti version 2 contains a Cross-Site Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server that can result in code execution on the server. Because this is a CSRF, victim interaction is needed: when the victim accesses the infected trigger of the CSRF, any code that matches the victim's privileges on the server can be executed.
Max CVSS
8.8
EPSS Score
0.15%
Published
2018-03-13
Updated
2018-04-06
Ajenti version 2 contains an Input Validation vulnerability in the ID string of the Get-values POST request that can result in the server crashing. This attack appears to be exploitable by sending a giant string to the ID parameter, which freezes the server.
Max CVSS
7.5
EPSS Score
0.12%
Published
2018-03-13
Updated
2018-04-06
Ajenti version 2 contains an Insecure Permissions vulnerability in Plugins download that can result in the download of any plugin by a normal user. This attack appears to be exploitable by knowing how the request is made and sending it as a normal user; the server, in response, downloads the plugin.
Max CVSS
6.5
EPSS Score
0.05%
Published
2018-03-13
Updated
2019-10-03
5 vulnerabilities found