ajenti-panel@2.2.3 vulnerabilities

Ajenti core based panel

Direct Vulnerabilities

Known vulnerabilities in the ajenti-panel package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Information Exposure

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Information Exposure. It can result in user and system enumeration as well as exposure of data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application.

How to fix Information Exposure?

There is no fix version for ajenti-panel

[0,)
  • M
Improper Error Handling

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Improper Error Handling in the Login JSON request. The request can leak a path of the server: when sent a malformed JSON, the tool responds with a traceback error that leaks a path of the server.

How to fix Improper Error Handling?

There is no fix version for ajenti-panel

[0,)
  • M
Insecure Permissions

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Insecure Permissions in the Plugins download. It can result in any plugin being downloaded by a normal user: by knowing how the request is made and sending it as a normal user, the server, in response, downloads the plugin.

How to fix Insecure Permissions?

There is no fix version for ajenti-panel

[0,)
  • H
Improper Input Validation

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Improper Input Validation in the ID string on a Get-values POST request. It can result in a server crash. An attacker can freeze the server by sending a giant string to the ID parameter.

How to fix Improper Input Validation?

There is no fix version for ajenti-panel

[0,)
  • H
Cross-site Request Forgery (CSRF)

ajenti-panel is Ajenti core based panel.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the command execution panel of the tool used to manage the server. Because this is a CSRF, victim interaction is needed: when the victim accesses the infected trigger of the CSRF, any code that matches the victim's privileges on the server can be executed.

How to fix Cross-site Request Forgery (CSRF)?

There is no fix version for ajenti-panel

[0,)