CVE-2021-27231

hestiacp/hestiacp

on github

sickcodes/security

on github

Published

February 16, 2021

Severity

CVSS v3:

5.4 MEDIUM

CVSS v2:

5.5 MEDIUM

Description

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.

References

https://github.com/hestiacp/hestiacp/issues/1622
https://www.hestiacp.com/
https://github.com/sickcodes/security/blob/master/advisories/sick-2021-006.md
https://sick.codes/sick-2021-006

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:hestiacp:control_panel::::::::	n/a	1.3.5 (including)	*

External Links

NVD - CVE-2021-27231