PYSEC-2018-113

2018-03-1321:29:00

Google

osv.dev

0.002 Low

EPSS

Percentile

58.8%

JSON

Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application.

CPENameOperatorVersion
ajenti-paneleq2.0.54
ajenti-paneleq2.0.67
ajenti-paneleq2.1.30
ajenti-paneleq2.0.45
ajenti-paneleq0.31
ajenti-paneleq0.2
ajenti-paneleq2.0.64
ajenti-paneleq0.3
ajenti-paneleq0.22
ajenti-paneleq2.0.43

Name	Operator	Version
ajenti-panel	eq	2.0.54
ajenti-panel	eq	2.0.67
ajenti-panel	eq	2.1.30
ajenti-panel	eq	2.0.45
ajenti-panel	eq	0.31
ajenti-panel	eq	0.2
ajenti-panel	eq	2.0.64
ajenti-panel	eq	0.3
ajenti-panel	eq	0.22
ajenti-panel	eq	2.0.43