PYSEC-2018-109
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/ajenti-panel/PYSEC-2018-109.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2018-109
- Aliases
-
- CVE-2018-1000080
- Published
- 2018-03-13T15:29:00Z
- Modified
- 2023-11-08T03:59:34.101091Z
- Summary
- [none]
- Details
-
Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin.
- References
Affected packages
PyPI / ajenti-panel
Package
- Name
- ajenti-panel
- View open source insights on deps.dev
- Purl
- pkg:pypi/ajenti-panel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13
0.14
0.15
0.16
0.17
0.18
0.19
0.20
0.21
0.22
0.23
0.25
0.26
0.27
0.28
0.29
0.30
0.31
0.32
0.33
2.*
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.60
2.0.61
2.0.62
2.0.63
2.0.64
2.0.65
2.0.66
2.0.67
2.0.68
2.0.69
2.0.70
2.0.71
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37
2.1.38
2.1.39
2.1.40
2.1.42
2.1.43
2.1.44
2.2.0
2.2.1
2.2.3
2.2.4