Mineadmin
MineAdmin 1.x and 2.x contain insufficient JWT token verification in the /system/refresh endpoint, allowing authenticated remote attackers to tamper with token data and potentially escalate privileges or bypass security controls. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. Exploitation requires authenticated access and specific conditions, resulting in a medium severity rating with limited immediate impact.
Information disclosure in MineAdmin 1.x/2.x through an exposed Swagger component allows unauthenticated remote attackers to access sensitive data over the network. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Improper authorization in MineAdmin 1.x/2.x allows authenticated remote attackers to gain unauthorized access through the View Interface cache component. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to disclosure requests. An attacker with valid credentials can exploit this to read, modify, or disrupt system operations.