MineAdmin
A vulnerability was detected in MineAdmin 1.x/2.x. It affects an unknown functionality of the file /system/downloadById. [CVSS 3.1 LOW]
A security vulnerability has been detected in MineAdmin 1.x/2.x. It affects an unknown function of the file /system/getFileInfoById. [CVSS 3.1 LOW]
MineAdmin 1.x and 2.x contain insufficient JWT token verification in the /system/refresh endpoint, allowing authenticated remote attackers to tamper with token data and potentially escalate privileges or bypass security controls. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. Exploitation requires authenticated access and specific conditions, resulting in a medium severity rating with limited immediate impact.
Information disclosure in MineAdmin 1.x/2.x through an exposed Swagger component allows unauthenticated remote attackers to access sensitive data over the network. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Improper authorization in MineAdmin 1.x/2.x allows authenticated remote attackers to gain unauthorized access through the View Interface cache component. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to disclosure requests. An attacker with valid credentials can exploit this to read, modify, or disrupt system operations.