CVE-2018-1000126

Published: Mar 13, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application.

Affected (1)

Products: Ajenti: Ajenti

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ajenti Ajenti	Version 2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee

Source: cve@mitre.org

ExploitThird Party Advisory

https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.