Gentoo Foundation GLSA-200406-12
Jun 16, 2004 - 12:00 a.m.

Webmin: Multiple vulnerabilities

security.gentoo.org

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.006 Low (Percentile: 79.2%)

Background

Webmin is a web-based administration tool for Unix. It supports a wide range of applications including Apache, DNS, file sharing and others.

Description

Webmin contains two security vulnerabilities. One allows any user to view the configuration of any module, and the other could allow an attacker to lock out a valid user by sending an invalid username and password.

Impact

An authenticated user could use these vulnerabilities to view the configuration of any module, thus potentially obtaining important knowledge about configuration settings. Furthermore, an attacker could lock out legitimate users by sending invalid login information.

Workaround

There is no known workaround at this time.

Resolution

All Webmin users should upgrade to the latest stable version:

 # emerge sync

 # emerge -pv ">=app-admin/webmin-1.150"
 # emerge ">=app-admin/webmin-1.150"

OS      Version  Architecture  Package           Version      Filename
Gentoo  any      all           app-admin/webmin  <= 1.140-r1  UNKNOWN
