CVE Vulnerabilities

CVE-2012-2983

Improper Authentication

Published: Sep 11, 2012 | Modified: May 30, 2013
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Webmin Gentoo * 1.590 (including)
Webmin Gentoo 1.140 (including) 1.140 (including)
Webmin Gentoo 1.150 (including) 1.150 (including)
Webmin Gentoo 1.160 (including) 1.160 (including)
Webmin Gentoo 1.170 (including) 1.170 (including)
Webmin Gentoo 1.180 (including) 1.180 (including)
Webmin Gentoo 1.200 (including) 1.200 (including)
Webmin Gentoo 1.210 (including) 1.210 (including)
Webmin Gentoo 1.220 (including) 1.220 (including)
Webmin Gentoo 1.230 (including) 1.230 (including)
Webmin Gentoo 1.240 (including) 1.240 (including)
Webmin Gentoo 1.260 (including) 1.260 (including)
Webmin Gentoo 1.270 (including) 1.270 (including)
Webmin Gentoo 1.280 (including) 1.280 (including)
Webmin Gentoo 1.290 (including) 1.290 (including)
Webmin Gentoo 1.300 (including) 1.300 (including)
Webmin Gentoo 1.310 (including) 1.310 (including)
Webmin Gentoo 1.320 (including) 1.320 (including)
Webmin Gentoo 1.330 (including) 1.330 (including)
Webmin Gentoo 1.340 (including) 1.340 (including)
Webmin Gentoo 1.370 (including) 1.370 (including)
Webmin Gentoo 1.380 (including) 1.380 (including)
Webmin Gentoo 1.390 (including) 1.390 (including)
Webmin Gentoo 1.400 (including) 1.400 (including)
Webmin Gentoo 1.410 (including) 1.410 (including)
Webmin Gentoo 1.420 (including) 1.420 (including)
Webmin Gentoo 1.430 (including) 1.430 (including)
Webmin Gentoo 1.440 (including) 1.440 (including)
Webmin Gentoo 1.450 (including) 1.450 (including)
Webmin Gentoo 1.470 (including) 1.470 (including)
Webmin Gentoo 1.480 (including) 1.480 (including)
Webmin Gentoo 1.500 (including) 1.500 (including)
Webmin Gentoo 1.510 (including) 1.510 (including)
Webmin Gentoo 1.520 (including) 1.520 (including)
Webmin Gentoo 1.530 (including) 1.530 (including)
Webmin Gentoo 1.550 (including) 1.550 (including)
Webmin Gentoo 1.560 (including) 1.560 (including)
Webmin Gentoo 1.570 (including) 1.570 (including)
Webmin Gentoo 1.580 (including) 1.580 (including)
