meshcentral@0.7.99 vulnerabilities

meshcentral is a Web based remote computer management server

Affected versions of this package are vulnerable to Origin Validation Error within the control.ashx endpoint, which is the primary mechanism used for performing administrative actions on the server.

An attacker can execute unauthorized commands or access sensitive information by convincing a victim to click on a malicious link to a page hosting an attacker-controlled site, which then allows the attacker to originate a cross-site websocket connection using client-side JavaScript to connect to control.ashx as the victim user.

Upgrade meshcentral to version 1.1.21 or higher.

meshcentral is a Web based remote computer management server

Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation due to the use of hmac_md5. An attacker can compromise the confidentiality of data by applying brute force to the encrypted contents.

There is no fixed version for meshcentral.

meshcentral is a Web based remote computer management server

Affected versions of this package are vulnerable to Improper Certificate Validation for SSL certificates. An attacker can intercept or manipulate secure communications by presenting a forged or self-signed certificate without being detected.

There is no fixed version for meshcentral.

meshcentral is a Web based remote computer management server

Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade'). An attacker can downgrade the cryptographic algorithm to a less secure one by manipulating the algorithm negotiation process.

Upgrade meshcentral to version 1.1.17 or higher.