ajenti-panel@2.2.1 vulnerabilities

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Information Exposure. It can result in user and system enumeration as well as exposure of data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application.

There is no fix version for ajenti-panel

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Insecure Permissions in the Plugins download. It can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin.

There is no fix version for ajenti-panel

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Improper Error Handling in the Login JSON request. It can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server.

There is no fix version for ajenti-panel

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Improper Input Validation in the ID string on a Get-values POST request. It can result in Server Crashing. An attacker can freeze the server by sending a giant string to the ID parameter.

There is no fix version for ajenti-panel

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Cross ite Request Forgery (CSRF) in the command execution panel of the tool used to manage the server. This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the victim access the infected trigger of the CSRF any code that match the victim privledges on the server can be executed.

There is no fix version for ajenti-panel