Ylianst/MeshCentral

GitHub

github.com

meshcentral.com

Releases166

Frequency1 week 6 days

Last Release 8 days ago

Stars6.65K

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-26135 ↗	Feb 20, 2024Tuesday, 20 February 2024, 20:15	8.3 HIGH	—
MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue.
CVE-2023-51838 ↗	Feb 2, 2024Friday, 2 February 2024, 16:15	7.5 HIGH	—
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
CVE-2023-51837 ↗	Jan 30, 2024Tuesday, 30 January 2024, 01:15	9.8 CRITICAL	—
Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.
CVE-2023-51842 ↗	Jan 29, 2024Monday, 29 January 2024, 20:15	7.5 HIGH	—
An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.