From db76f31205d3a1b3c487a46007d2b40847580a77 Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Tue, 21 Mar 2023 16:24:53 -0400 Subject: [PATCH] Enhancement: cves/2022/CVE-2022-0824.yaml by md --- cves/2022/CVE-2022-0824.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cves/2022/CVE-2022-0824.yaml b/cves/2022/CVE-2022-0824.yaml index 84da66712b..cec83fac34 100644 --- a/cves/2022/CVE-2022-0824.yaml +++ b/cves/2022/CVE-2022-0824.yaml @@ -4,12 +4,12 @@ info: name: Webmin <1.990 - Improper Access Control author: cckuailong severity: high - description: Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. + description: Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. reference: - https://github.com/faisalfs10x/Webmin-CVE-2022-0824-revshell/blob/main/Webmin-revshell.py - - https://nvd.nist.gov/vuln/detail/CVE-2022-0824 - https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38 - https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0824 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8