CVE-2024-36451

Source
https://cve.org/CVERecord?id=CVE-2024-36451
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36451.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36451
Published
2024-07-10T07:01:26.121Z
Modified
2026-07-15T01:49:08.865564170Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36451.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "prior to 2.003"
                },
                {
                    "last_affected": "prior to 2.003"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "jpcert"
}
References

Affected packages

Git / github.com/webmin/webmin

Affected ranges

Type
GIT
Repo
https://github.com/webmin/webmin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.003"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.700
1.710
1.720
1.730
1.740
1.750
1.760
1.770
1.780
1.790
1.800
1.801
1.810
1.820
1.830
1.831
1.840
1.850
1.860
1.870
1.880
1.890
1.900
1.910
1.920
1.930
1.940
1.941
1.950
1.951
1.953
1.954
1.955
1.960
1.962
1.970
1.972
1.973
1.974
1.980
1.982
1.983
1.984
1.990
1.991
1.993
1.994
1.995
1.996
1.998
1.999
2.*
2.000
2.001

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36451.json"