Web interface client for Xen-Orchestra
8 years ago
latest version published
5 years ago
Known vulnerabilities in the xo-web package. This does not include vulnerabilities belonging to this package’s dependencies.
Affected versions of this package are vulnerable to Improper Access Control. Permission enforcement through WebSockets is not thoroughly checked, which can allow an unprivileged user to obtain data accessible only to admins, such as VMs, Backups, Audit, Users, and Groups.
The WebSockets that control the application API allow access to certain elements based purely on the response. For example, an attacker could manipulate the response of the
How to fix Improper Access Control?
There is no fixed version for