meshcentral@0.6.20 vulnerabilities

Web based remote computer management server

Direct Vulnerabilities

Known vulnerabilities in the meshcentral package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Origin Validation Error

meshcentral is a Web based remote computer management server

Affected versions of this package are vulnerable to Origin Validation Error within the control.ashx endpoint, which is the primary mechanism used for performing administrative actions on the server.

An attacker can execute unauthorized commands or access sensitive information by convincing a victim to click on a malicious link to a page hosting an attacker-controlled site, which then allows the attacker to originate a cross-site websocket connection using client-side JavaScript to connect to control.ashx as the victim user.

How to fix Origin Validation Error?

Upgrade meshcentral to version 1.1.21 or higher.

<1.1.21
  • H
Use of a Cryptographic Primitive with a Risky Implementation

meshcentral is a Web based remote computer management server

Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation due to the use of hmac_md5. An attacker can compromise the confidentiality of data by applying brute force to the encrypted contents.

How to fix Use of a Cryptographic Primitive with a Risky Implementation?

There is no fixed version for meshcentral.

>=0.0.0
  • H
Improper Certificate Validation

meshcentral is a Web based remote computer management server

Affected versions of this package are vulnerable to Improper Certificate Validation for SSL certificates. An attacker can intercept or manipulate secure communications by presenting a forged or self-signed certificate without being detected.

How to fix Improper Certificate Validation?

There is no fixed version for meshcentral.

*
  • M
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

meshcentral is a Web based remote computer management server

Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade'). An attacker can downgrade the cryptographic algorithm to a less secure one by manipulating the algorithm negotiation process.

How to fix Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')?

Upgrade meshcentral to version 1.1.17 or higher.

<1.1.17