CVE-2021-31762

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-31762

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31762.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-31762

Published

2021-04-25T19:15:08Z

Modified

2025-01-14T09:13:16.532571Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.

References

Affected packages

Git / github.com/webmin/webmin

Affected ranges

Type: GIT
Repo: https://github.com/webmin/webmin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

d7323047251d03763064e7478d1e176546dd24f4

Affected versions

1.*

1.700

1.710

1.720

1.730

1.740

1.750

1.760

1.770

1.780

1.790

1.800

1.801

1.810

1.820

1.830

1.831

1.840

1.850

1.860

1.870

1.880

1.890

1.900

1.910

1.920

1.930

1.940

1.941

1.950

1.951

1.953

1.954

1.955

1.960

1.962

1.970

1.972

1.973