Skip to main content

Control Panel CVE-2022-2626

HIGH
Incorrect Privilege Assignment (CWE-266)
2022-08-05 security@huntr.dev
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 05, 2022 - 09:15 nvd
HIGH 7.2

DescriptionNVD

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.

AnalysisAI

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-266. Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. Affected products include: Hestiacp Control Panel. Version information: prior to 1.6.6..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-3797 CRITICAL POC
9.8 Sep 15

hestiacp is vulnerable to Use of Wrong Operator in String Comparison. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2022-2636 HIGH POC
8.8 Aug 05

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated h

CVE-2022-2550 HIGH POC
8.8 Jul 27

OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. Rated high severity (CVSS 8.8), this vulnera

CVE-2022-1509 HIGH POC
8.8 Apr 28

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. Rated high severity (CVSS 8.8),

CVE-2019-12792 HIGH POC
8.8 Aug 15

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escala

CVE-2019-12791 HIGH POC
8.8 Aug 15

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to

CVE-2023-5839 HIGH POC
7.8 Oct 29

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. Rated high severity (CVSS 7.8), this vulnerabi

CVE-2021-30463 HIGH POC
7.8 Apr 08

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissio

CVE-2020-10966 MEDIUM POC
6.5 Mar 25

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header

CVE-2023-3479 MEDIUM POC
6.1 Jun 30

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. Rated medium severity (CVS

CVE-2022-0986 MEDIUM POC
6.1 Mar 16

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. Rated medium

CVE-2022-0752 MEDIUM POC
6.1 Mar 04

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. Rated medium severity (CVSS

Share

CVE-2022-2626 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy